High severity vuln in WinRAR could allow code to run when files are opened

Thanks for the notice!

 

Was fixed on Aug 2 in version 6.23.

 

A patched addon for Total Commander https://www.ghisler.com/unrardll.htm

 

True, a lot of them don't pay any attention to such things. That said, it's a full time job keeping your PC updated. Nobody else where I work has a clue.

 

the patch concerns rar4 recovery volumes. rar5 is now 10 year default setting.
the patch landed in winrar(.exe), or grab unrar lib like TC made it.
and yes, older versions of winrar(.exe) are vulnerable.

 

Guys, I don't know if this has been posted before, but this flaw was actually used by hackers. However, wouldn't a firewall (default-deny) easily block such an attack?

https://www.bleepingcomputer.com/ne...xploited-since-april-to-hack-trading-accounts

 

No. Why? and the cve is non-readable for reason.

 

What I'm saying is that I'm actually surprised this flaw has been already actively exploited. But yes, I believe a firewall will block this, since it needs to download malware in the background.

 

That article gave me the impression that the malware was part of the archive.

 

My bad, I somehow assumed it used some type of script to download malware, many attacks work like this. But in this particular case it wouldn't make sense since the user already downloaded the file.

But what is clear is that they use all kinds of tricks to probably bypass the AV, strange that they don't mention if Win Defender could block it or not. Which is why I always recommend to install extra protection tools like anti-loggers to complement the AV.

 

PSA: it’s time to update WinRAR due to a big security vulnerability