Web security researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability in older trial versions of WinRAR file compression software. This vulnerability essentially allows an attacker to intercept and modify requests sent to WinRAR users.

On October 20, the researcher published a paper detailing the WinRAR vulnerability, tracked as CVE-2021-35052. The vulnerability affects the trial version of WinRAR 5.70, but is completely fixed in version 6.02, which the developers released in July.

Researchers accidentally discovered this flaw when they noticed a different JavaScript bug in version 5.70. After further investigation, they found that it is possible to disconnect WinRAR from the internet and change the yellow color it gives to the end user.

This can still trigger Windows security warnings, except when running a docx, pdf, py, or rar file. To run the file, users need to click “Yes” or “Run” in the dialog, so users should pay attention to these windows when running WinRAR.

Sakovskiy stated that previous versions of WinRAR as of 2019 were vulnerable to remote code execution due to another vulnerability, CVE-2018-20250. If you do not know which version of the application you are using, open WinRAR, click “Help” at the top, and then click “About WinRAR”. You can also download the current version from the WinRAR website.

Michael Lewis
