WinRAR Trialware File Archiver Utility for Windows reveals new security weaknesses. This emphasizes that remote attackers could exploit it to execute arbitrary code on the targeted system, and such software vulnerabilities could be the gateway to the attack roster. I am.
This bug, tracked as CVE-2021-35052, affects trial versions of software running version 5.70. “This vulnerability allows an attacker to intercept and modify requests sent to users of an application,” said Igor Sak-Sakovskiy of Positive Technologies. Said In a technical article. “It can be used to perform remote code execution (RCE) on the victim’s computer.”
By intercepting the response code sent when WinRAR warns the user about the end of the free trial period via “notifier.rarlab”[.]”com” and it “301 Permanently move“Redirect messages, Positive Technologies, have been discovered to be exploited to cache redirects to malicious domains controlled by attackers for all subsequent requests.
What’s more, attackers who already have access to the same network domain can stage ARP spoofing Attacks that launch applications remotely, get localhost information, or execute arbitrary code.
“One of the biggest challenges organizations face is managing third-party software. Once installed, third-party software has access to read, write, and modify data on devices that access the corporate network. “Sak-Sakovskiy said.
“It is not possible to audit every application that a user can install, so policies are important to manage the risks associated with external applications and balance these risks with the business needs of different applications. Improper management can have widespread consequences. “
A bug in the popular WinRAR software could allow an attacker to hack your computer
http://feedproxy.google.com/~r/TheHackersNews/~3/KqcipixgtEg/bug-in-free-winrar-software-could-let.html A bug in the popular WinRAR software could allow an attacker to hack your computer