Bug in popular WinRAR software could allow attackers to hijack your computer
A new security flaw has been revealed in the trial version of the WinRAR file archiver utility for Windows that could be exploited by a remote attacker to execute arbitrary code on targeted systems, highlighting how vulnerabilities in such software could become a gateway for a list of attacks.
Tracked as CVE-2021-35052, the bug affects the trial version of the software, version 5.70. “This vulnerability allows an attacker to intercept and modify requests sent to the application user,” Igor Sak-Sakovskiy of Positive Technologies said in a technical article. “This can be used to perform remote code execution (RCE) on a victim’s computer.”
By intercepting the response sent when WinRAR alerts the user to the end of the free trial period via “notifier.rarlab[.]com” and changing its status code to a “301 Moved Permanently” redirect, Positive Technologies discovered that it could be abused to cache the redirect to a malicious domain controlled by an attacker for all subsequent requests.
In addition to this, an attacker who already has access to the same network domain can stage ARP spoofing attacks to launch applications remotely, retrieve local host information, and even execute arbitrary code.
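For defenders, the redirect described above leaves a recognizable trace: a 301 answer to a request for the notifier host whose Location header points outside the vendor's domain. The following sketch is an added example, not code from Positive Technologies or WinRAR; the record format, the sample records and the trusted-suffix rule are constructed assumptions.

```python
from urllib.parse import urlsplit

# Host named in the article (written there in defanged form).
NOTIFIER_HOST = "notifier.rarlab.com"
# Assumption: redirects that stay inside the vendor's domain are expected.
TRUSTED_SUFFIX = "rarlab.com"

# Constructed sample records in a hypothetical format:
# (client IP, request Host header, response status, Location header)
SAMPLE_RECORDS = [
    ("10.0.0.21", "notifier.rarlab.com", 200, ""),
    ("10.0.0.34", "notifier.rarlab.com", 301, "http://updates.example.net/n.html"),
    ("10.0.0.35", "notifier.rarlab.com", 301, "https://www.rarlab.com/"),
    ("10.0.0.36", "intranet.example.org", 301, "http://other.example.net/"),
    ("10.0.0.37", "NOTIFIER.RARLAB.COM", 301, "//cdn.example.net/x"),
    ("10.0.0.38", "notifier.rarlab.com", 301, "/expired.html"),
    ("10.0.0.39", "notifier.rarlab.com", 301, "http://rarlab.com.example.net/"),
]


def in_trusted_domain(host):
    """True only for the vendor domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)


def suspicious_redirects(records):
    """Return (client, redirect host) for 301s that leave the vendor domain."""
    hits = []
    for client, req_host, status, location in records:
        if req_host.lower().rstrip(".") != NOTIFIER_HOST:
            continue  # only the notifier endpoint is of interest here
        if status != 301:
            continue  # the article's issue is the cached permanent redirect
        target = urlsplit(location).hostname
        if target is None:
            continue  # relative Location: the client stays on the same host
        if not in_trusted_domain(target):
            hits.append((client, target))
    return hits


if __name__ == "__main__":
    for client, target in suspicious_redirects(SAMPLE_RECORDS):
        print(f"{client}: notifier redirected to {target}")
```

The suffix check compares on a label boundary, so a lookalike such as `rarlab.com.example.net` is still reported.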
“One of the biggest challenges an organization faces is managing third-party software. Once installed, third-party software has access to read, write and modify data on devices that access corporate networks,” noted Sak-Sakovskiy.
“It is impossible to audit all the applications that can be installed by a user. Policy is therefore essential for managing the risk associated with external applications and balancing that risk against the business needs for a variety of applications. Poor management can have far-reaching consequences.”