[MART] - Daily Diary #374 - New Vulnerability In WinRAR Extractor

CTAS-MAT ctas-mat at appgate.com
Thu Oct 21 18:46:24 UTC 2021


Hello,

I hope everyone is doing well!

Below is the entry for today.

10/21/2021 - Diary entry #374:


WinRAR is a popular archiver extractor tool with over 500 million users worldwide. A new vulnerability, tracked as CVE-2021-35052, was recently discovered in version 5.70 of the WinRAR software. It allows an attacker to intercept and modify requests sent to the user of the application at the end of the trial period of the software.


An attacker already in the same network would need to use the ARP-spoofing attack to intercept the response code sent when WinRAR alerts the end of the trial period. Next, redirect the request to an attacker-controlled malicious domain. Then, the attacker can launch applications or run malicious code if the user clicks on the "Run" button shown in a security warning. However, there are some file types that are not warned, such as "docx", "pdf", "py", and "rar".


This attack vector can be used during an operation to deploy a ransomware for instance. And if the WinRAR version is earlier than 5.70, the attackers can achieve Remote Code Execution (RCE), using an exploit to explore the CVE-2018-20250 bug.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>
O: +55 11 97467 9549

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20211021/8ff8b7e0/attachment.htm>


More information about the MART mailing list