A remote code execution vulnerability was found in the old version of WinRAR, please update now
Last week, a researcher discovered a vulnerability in an old trial version of WinRAR file compression software. It allows remote code execution, allowing attackers to intercept and change requests sent to WinRAR users.Cyber Security Researcher Igor
Sak-Sakovskiy published an article on October 20, detailing the vulnerabilities of WinRAR and specifying common vulnerabilities and exposed IDs
The vulnerability affects the WinRAR trial version 5.70, but does not include the latest version (version 6.02). The developer updated this version in July, which means that the solution has been provided, but the user needs to implement a manual upgrade as soon as possible.
However, in addition to running docx, pdf, py or rar files, the vulnerability will still triggerWindowssafety warning. In order to work, the user must click “Yes” or “Run” in the dialog box. Therefore, users should be careful when these windows appear when running WinRAR. In order for an attacker to perform malicious actions, he also needs to be able to enter the same network domain as the target.
Sakovskiy also pointed out that the early version of WinRAR may perform remote code execution through the more well-known vulnerability CVE-2018-20250 in 2019, so it is more urgent to upgrade to the new version as soon as possible.
If you are not sure which version of WinRAR you are running, after opening the program, click “Help” at the top of the window, and then click “About WinRAR”. Of course, switching to 7-Zip is also a good way.