New WinRAR Trial Version Vulnerability Let Hackers Execute Arbitrary Code on Windows

A critical vulnerability in the WinRAR file archiver was recently discovered by Positive Technologies security researcher Igor Sak-Sakovskiy. The flaw enables attackers to execute arbitrary code on Windows systems.

WinRAR is an application for managing archive files on Windows operating systems. It allows for the creation and unpacking of common archive formats such as RAR and ZIP.

The vulnerability has been assigned CVE-2021-35052 and affects the component that displays the trial-period expiration messages.

The vulnerability stems from a misconfigured web browser module used by the web notifier component. To carry out a MITM attack through this vulnerability, the threat actors need to set up a malicious Wi-Fi access point, compromise a router and spoof DNS, or otherwise be on the same network as the victim.

Verdicts

The vulnerability was found by chance during routine testing of WinRAR version 5.70. After spotting the error, the researchers were initially puzzled because the error window turned out to be rendered by the Internet Explorer engine.

It took some time to understand the error, and after a few trials the researchers pinned down the exact issue: the window in question uses the mshtml.dll implementation for Borland C++, the language WinRAR is written in.

RCE

For this vulnerability, the security analysts carried out a man-in-the-middle attack, which requires ARP spoofing; that is why they assumed a potential attacker already has access to the same network segment.
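Because the attack described above depends on ARP spoofing on the victim's network segment, a defender's first detection opportunity is the ARP traffic itself. The following script is an added example written for this article, not code from Positive Technologies or from the WinRAR project. It parses tcpdump-style ARP reply lines (the sample log below is constructed, not captured traffic) and flags two indicators of ARP cache poisoning: an IP address whose claimed MAC address changes, and a single MAC address claiming several IP addresses. The gateway address is an assumed value for the sample network.

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies in tcpdump-style text; not real traffic.
# The "de:ad:be:ef:00:99" host starts claiming the gateway IP and a second host.
SAMPLE_ARP_LOG = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01
12:00:02.000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:00:00:50
12:00:03.500 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99
12:00:04.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99
12:00:05.000 ARP, Reply 192.168.1.77 is-at aa:bb:cc:00:00:77
12:00:06.000 ARP, Reply 192.168.1.50 is-at de:ad:be:ef:00:99
"""

# Assumed default gateway of the sample network; attackers typically target it.
GATEWAY_IP = "192.168.1.1"

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-fA-F:]{17})$"
)


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) tuples for every ARP reply line in the text."""
    for line in text.splitlines():
        m = ARP_REPLY.match(line.strip())
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_mac_changes(text):
    """Return (ts, ip, old_mac, new_mac, is_gateway) for each IP whose MAC changes.

    A legitimate host rarely changes its MAC; a change on the gateway IP is the
    classic sign of an ARP spoofing attempt to become the man in the middle.
    """
    seen = {}
    alerts = []
    for ts, ip, mac in parse_arp_replies(text):
        prev = seen.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, ip, prev, mac, ip == GATEWAY_IP))
        seen[ip] = mac
    return alerts


def macs_claiming_multiple_ips(text):
    """Return {mac: sorted list of IPs} for MACs that answered for more than one IP."""
    claims = defaultdict(set)
    for _ts, ip, mac in parse_arp_replies(text):
        claims[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}


if __name__ == "__main__":
    for ts, ip, old, new, gw in detect_mac_changes(SAMPLE_ARP_LOG):
        tag = " (GATEWAY)" if gw else ""
        print(f"{ts} ARP change for {ip}{tag}: {old} -> {new}")
    for mac, ips in macs_claiming_multiple_ips(SAMPLE_ARP_LOG).items():
        print(f"MAC {mac} claims multiple IPs: {', '.join(ips)}")
```

Running the script against a live capture would require feeding it the text output of an ARP-filtered tcpdump session; a static mapping of the gateway IP to its MAC on endpoints, or dynamic ARP inspection on managed switches, removes the precondition the researchers relied on rather than merely detecting it.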

The spoofed response used in the demonstration shows several possible attack vectors, such as:

  • Running applications
  • Retrieving local host information
  • Running the calculator application

All of the attack vectors above were successful, but the researchers noted that many of them result in an additional Windows security warning. The following file types, however, could be run without any security warning:

  • .DOCX
  • .PDF
  • .PY
  • .RAR

This vulnerability is destructive in nature and poses a challenge that many organizations face.

WinRAR is third-party software, and once installed, such third-party software receives the same access to read, write and modify data on the targeted devices that access corporate networks.

Moreover, a user cannot audit every installed application; in short, it is critical for users to manage the risk associated with external apps.

A range of measures is therefore needed to balance this risk, and improper management can have negative consequences.



BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.