Remote code execution vulnerability found in older versions of WinRAR, update it now

Last week, a researcher discovered a vulnerability in older trial versions of the WinRAR file compression software. It allows for remote code execution—essentially allowing an attacker to intercept and change requests sent to WinRAR users.

Web security researcher Igor Sak-Sakovskiy published an article on October 20 detailing the WinRAR vulnerability, which has been assigned the Common Vulnerabilities and Exposures ID CVE-2021-35052. The vulnerability affects WinRAR trial version 5.70, but not the latest iteration (v. 6.02), which developers updated in July. You can download it from the TechSpot downloads section or from the WinRAR website.

Researchers discovered the vulnerability when they noticed a JavaScript error in version 5.70 by chance. Investigating further, they found it possible to intercept WinRAR’s connection to the internet and change its responses to the end-user.

However, the exploit still triggers Windows security warnings except when running a docx, pdf, py, or rar file. For the exploit to work, users have to click “Yes” or “Run” in the dialog box. Thus, users should be careful when these windows appear while running WinRAR. The attacker would also need to have access to the same network domain as the target.

Sak-Sakovskiy also notes that earlier versions of WinRAR are vulnerable to remote code execution through the more well-known exploit CVE-2018-20250 from 2019.

If you’re unsure which version of WinRAR you have, open the program, click “Help” at the top of the window, then click “About WinRAR.” For those who would prefer to switch, a good alternative program is 7-Zip, also available from TechSpot downloads.