Remote code execution vulnerabilities found in the old version of WinRAR, update immediately

Last week, a researcher discovered a vulnerability in an old trial version of the WinRAR file compression software. It allows remote code execution, letting attackers intercept and change requests sent to WinRAR users. Network security researcher Igor Sak-Sakovskiy published an article on October 20 detailing the vulnerability in WinRAR, which has the Common Vulnerabilities and Exposures ID CVE-2021-35052.

The vulnerability affects the WinRAR trial version 5.70 but not the latest version (version 6.02). The developer updated this version in July, which means that a fix has been provided, but users need to upgrade manually as soon as possible. Researchers discovered this vulnerability when they stumbled upon a JavaScript error in version 5.70. Upon further investigation, they discovered that it is possible to intercept WinRAR’s connection to the Internet and change the response delivered to end users in transit.


However, in addition to running docx, pdf, py or rar files, the vulnerability will still trigger Windows security warnings. For the attack to work, the user must click “Yes” or “Run” in the dialog box. Therefore, users should be careful when these windows appear while running WinRAR. To perform malicious actions, an attacker also needs access to the same network domain as the target.

Sak-Sakovskiy also pointed out that early versions of WinRAR may allow remote code execution through the better-known vulnerability CVE-2018-20250 in 2019, so it is urgent to upgrade to the new version as soon as possible. If you are not sure which version of WinRAR you are running, open the program, click “Help” at the top of the window, and then click “About WinRAR”. Of course, switching to 7-Zip is also a good option.
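The same version check can be done from PowerShell instead of the About dialog. This is an added example, not from the original article or from WinRAR's developer. It assumes WinRAR is listed under the standard Windows Uninstall registry keys, and it treats anything older than 6.02, the version the article names as the latest, as needing an upgrade; the function name `Test-WinRarVersion` is hypothetical.

```powershell
# Version the article names as the latest; older installs are reported for upgrade.
$minimum = [version]'6.02'

# Standard per-machine (64-bit and 32-bit) and per-user uninstall registry locations.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: compare a DisplayVersion string such as "5.70.0" to the minimum.
function Test-WinRarVersion {
    param([string]$DisplayVersion, [version]$Minimum)
    if ($DisplayVersion -match '^(\d+)\.(\d+)') {
        # Only major.minor is compared, e.g. "5.70" -> 5.70 and "6.02" -> 6.2.
        $found = [version]::new([int]$Matches[1], [int]$Matches[2])
        if ($found -lt $Minimum) { return 'UPGRADE' }
        return 'OK'
    }
    # Version string missing or in an unexpected form: check by hand.
    return 'UNKNOWN'
}

# Report every WinRAR entry registered on this machine.
Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Test-WinRarVersion -DisplayVersion $_.DisplayVersion -Minimum $minimum
        }
    }

# Constructed sample values, to show the comparison without reading the registry.
'5.70.0', '6.02.0', '' | ForEach-Object {
    '{0,-8} -> {1}' -f "'$_'", (Test-WinRarVersion -DisplayVersion $_ -Minimum $minimum)
}
```

If no WinRAR entry is registered the first pipeline prints nothing; a portable copy that was never installed will not appear and still has to be checked through “About WinRAR”.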
