SIMonline


Cyberattacks using the WinRAR ACE archive


WinRAR, a popular data compression tool used by more than 500 million users around the world, is affected by serious vulnerabilities that could allow arbitrary code execution through specially crafted ACE archives.




Tests conducted by researchers at Check Point Software Technologies using the WinAFL fuzzer uncovered a security flaw in the unacev2.dll library, which WinRAR uses to decompress ACE archives.

The library contains a vulnerability (CVE-2018-20250) that allows attackers to create an ACE archive that extracts files to an arbitrary folder on the system.

Check Point researchers have shown that the flaw can be used to extract a harmless file to the destination folder selected by the user while also extracting a malicious file to a location specified by the attacker. An attacker can, for example, extract malware into the Windows startup folder, where it will be launched the next time the operating system boots.
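The behaviour described above, a file landing outside the folder the user chose, can be caught by resolving where each archive entry would be written before anything is extracted. The following is an added example, not code from Check Point or RARLab; it is a generic check that applies to any archive format, not only ACE, and the function names and sample entry names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample entry names, as an archive listing might report them.
SAMPLE_ENTRIES = [
    "docs\\readme.txt",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\a.exe",
    "C:\\Users\\Public\\b.exe",
    "\\\\server\\share\\c.exe",
    "docs\\..\\notes.txt",
]

def resolve_entry(dest_dir, entry_name):
    """Return the normalized Windows path an entry would be written to."""
    # ntpath.join discards dest_dir when entry_name is rooted or names another
    # drive or UNC share, so such names resolve outside the chosen folder.
    return ntpath.normpath(ntpath.join(dest_dir, entry_name.replace("/", "\\")))

def is_inside(dest_dir, target):
    """True if target is dest_dir or lies under it (case-insensitive)."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    tgt = ntpath.normcase(target)
    try:
        return ntpath.commonpath([dest, tgt]) == dest
    except ValueError:  # different drives, or absolute mixed with relative
        return False

def audit_entries(dest_dir, entry_names):
    """Split entry names into (safe, rejected); rejected items carry a reason."""
    safe, rejected = [], []
    for name in entry_names:
        target = resolve_entry(dest_dir, name)
        if not is_inside(dest_dir, target):
            rejected.append((name, "escapes destination: " + target))
        elif "\\start menu\\programs\\startup\\" in ntpath.normcase(target) + "\\":
            # Inside the destination, but the destination contains a Startup folder.
            rejected.append((name, "writes to a Startup folder"))
        else:
            safe.append(name)
    return safe, rejected

if __name__ == "__main__":
    ok, bad = audit_entries("C:\\Users\\alice\\Downloads\\out", SAMPLE_ENTRIES)
    for name, reason in bad:
        print("REJECT", name, "->", reason)
```

The check is lexical only; an extractor that follows symlinks or junctions already present in the destination needs an additional check on the real path.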

The cybersecurity firm reported its findings to RARLab, the developer of WinRAR, which decided that the best way to protect users from potential attacks was to remove support for ACE archives. The change took effect with the release of WinRAR 5.70 beta 1.

RARLab says that unacev2.dll has not been updated since 2005, and the company no longer has access to its source code.

The following CVEs were assigned to other WinRAR vulnerabilities discovered by Check Point during the fuzzing project: CVE-2018-20251, CVE-2018-20252, and CVE-2018-20253. The company has published technical details and a video showing the exploit in action.




The popularity of WinRAR may make it a tempting target for attackers. Although no WinRAR vulnerabilities have been discovered over the past three years, a flaw in the archiving tool was used in cyber espionage campaigns back in 2014.

Vulnerabilities in WinRAR are still valuable. Zerodium, an exploit acquisition firm, offers up to $80,000 for remote code execution flaws, and last year it offered as much as $100,000.

