WinRAR vulnerability allowed attackers to remotely hijack systems

The vulnerability in WinRAR trialware could be abused by a remote attacker to execute arbitrary code on any system, thus getting an opportunity to launch a range of attacks.

According to a report from Positive Technologies, a remote code execution vulnerability was identified in a free trial version of WinRAR. The vulnerability was discovered in the software’s trialware file archiver utility.

In a technical writeup, Igor Sak-Sakovskiy from Positive Technologies wrote that the bug can be exploited “to achieve remote code execution (RCE) on a victim’s computer.” On June 14, 2021, the issue was addressed with the release of WinRAR v. 6.02.

About WinRAR Trialware

WinRAR offers a free trial license before users buy an actual license for the software. Windows Explorer doesn’t display the compression format this trial version handles (.rar archive). Therefore, WinRAR is commonly used by those who work with this format or who need a utility to open a downloaded .rar archive just once.

How the Bug was Exploited

Research conducted by the infosec firm revealed that the vulnerability in WinRAR trialware could be abused by a remote attacker for executing arbitrary code on

Read More: https://www.hackread.com/winrar-vulnerability-attackers-remotely-hijack-systems/