Bug in Popular WinRAR Software can be used to achieve remote code execution (RCE)

guest · Oct 21, 2021

Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
October 21, 2021
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could beсome a gateway for a roster of attacks.

Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This vulnerability allows an attacker to intercept and modify requests sent to the user of the application," Positive Technologies' Igor Sak-Sakovskiy said in a technical write-up.
"This can be used to achieve remote code execution (RCE) on a victim's computer."
Click to expand...

By intercepting the response code sent when WinRAR alerts the user about the end of the free trial period via "notifier.rarlab[.]com" and modifying it to a "301 Moved Permanently" redirect message, Positive Technologies found that it could be abused to cache the redirection to an attacker-controlled malicious domain for all subsequent requests.

On top of that, an attacker already having access to the same network domain can stage ARP spoofing attacks to remotely launch applications, retrieve local host information, and even run arbitrary code.
Click to expand...

WinRAR’s vulnerable trialware: when free software isn’t free

In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application. This can be used to achieve Remote Code Execution (RCE) on a victim’s computer. It has been assigned the CVE ID – CVE-2021-35052.

We found this vulnerability by chance, in WinRAR version 5.70. We had installed and used the application for some period, when it produced a JavaScript error: [...]
This was surprising as the error indicates that the Internet Explorer engine is rendering this error window. [...]
Click to expand...

Floyd 57 · Oct 21, 2021

Winrar getting exposed music for my ears

NormanF · Oct 21, 2021

Windows has a built in zip utility. People need a third party utility to extract rar. and other archives Windows can't open. I have Zip Extractor installed to take care of such extensions.

Floyd 57 · Oct 21, 2021

NormanF said: ↑

Windows has a built in zip utility. People need a third party utility to extract rar. and other archives Windows can't open. I have Zip Extractor installed to take care of such extensions.
Click to expand...

Windows should include 7zip by default not that crap utility

EASTER · Oct 21, 2021

NormanF said: ↑

Windows has a built in zip utility. People need a third party utility to extract rar. and other archives Windows can't open. I have Zip Extractor installed to take care of such extensions.
Click to expand...

7 Zip does those duties on this end. Before then WinZip for many moons and seasons.

NormanF · Oct 21, 2021

Floyd 57 said: ↑

Windows should include 7zip by default not that crap utility
Click to expand...

They have an unofficial UWP for it in the Microsoft Store.

Floyd 57 · Oct 21, 2021

NormanF said: ↑

They have an unofficial UWP for it in the Microsoft Store.
Click to expand...

UWPs

Floyd 57 · Oct 21, 2021

EASTER said: ↑

7 Zip does those duties on this end. Before then WinZip for many moons and seasons.
Click to expand...

yeah honestly just remove the built in utility and then when the user clicks Extract (dont remove the context menu) redirect him to 7zip site. then when the user installs 7zip it will remove the default windows context menu which only redirects to 7zip. not that hard to do.

Seer · Oct 21, 2021

This issue has been fixed with version 6.02.

https://www.win-rar.com/whatsnew.html?&L=0

2. WinRAR uses https instead of http in the web notifier window,
home page and themes links. It also implements additional checks
within the web notifier. This is done to prevent a malicious web page
from executing existing files on a user's computer. Such attack
is only possible if the intruder has managed to spoof or otherwise
control user's DNS records. Some other factors are also involved
in limiting the practical application of this attack.

We would like to express our gratitude to Igor Sak-Sakovskiy
for bringing this issue to our attention.
Click to expand...

EASTER · Oct 21, 2021

I personally not used WinRAR in a very long time (Windows XP) but it was ok.

Oh in Windows 10 that default zip utility I suppose is alright to a point but 7Zip offers infinite options which makes it ideal for working with archives of many different types.

stapp · Jan 25, 2022

WinRAR 6.10 Live With Windows 11 Context Menus, Windows XP No Longer Supported

WinRAR has just received a new major update, and this time, Windows users are getting lots (and when I say lots, I totally mean it) of changes.
Click to expand...

https://news.softpedia.com/news/win...s-windows-xp-no-longer-supported-534742.shtml

davews · Jan 25, 2022

6.02 already supports Windows 11 cascaded menus....... it is not clear though what else is new.

Hadron · Jan 25, 2022

What bug?

Log in or Sign up

Bug in Popular WinRAR Software can be used to achieve remote code execution (RCE)

guest Guest

Floyd 57 Registered Member

NormanF Registered Member

Floyd 57 Registered Member

EASTER Registered Member

NormanF Registered Member

Floyd 57 Registered Member

Floyd 57 Registered Member

Seer Registered Member

EASTER Registered Member

stapp Global Moderator

davews Registered Member

Hadron Registered Member

Log in or Sign up

Bug in Popular WinRAR Software can be used to achieve remote code execution (RCE)

guest Guest

Floyd 57 Registered Member

NormanF Registered Member

Floyd 57 Registered Member

EASTER Registered Member

NormanF Registered Member

Floyd 57 Registered Member

Floyd 57 Registered Member

Seer Registered Member

EASTER Registered Member

stapp Global Moderator

davews Registered Member

Hadron Registered Member

Useful Searches