The attacker would also need to have access to the same network domain as the target. Thus, users should be careful when these windows appear while running WinRAR. To work, users have to click "Yes" or "Run" on the dialog box. However, the exploit still triggers Windows security warnings except when running a docx, pdf, py, or rar file. Investigating further, they found it possible to intercept WinRAR's connection to the internet and change its responses to the end-user. Researchers discovered the vulnerability when they noticed a JavaScript error in version 5.70 by chance. You can download it from TechSpot downloads section or from the WinRAR website. The vulnerability affects WinRAR trial version 5.70, but not the latest iteration (v. Web security researcher Igor Sak-Sakovskiy published an article on October 20 detailing the WinRAR vulnerability with the assigned Common Vulnerabilities and Exposures ID CVE-2021-35052. It allows for remote code execution-essentially allowing an attacker to intercept and change requests sent to WinRAR users.
In brief: Last week, a researcher discovered a vulnerability in older trial versions of the WinRAR file compression software.
0 kommentar(er)
