The vulnerability in WinRAR trialware could be abused by a remote attacker for executing arbitrary code on any system thus, getting an opportunity to launch a range of attacks.
According to a report from Positive Technologies, a remote code execution vulnerability was identified in a free trial version of WinRAR. The vulnerability was discovered in the software’s trialware file archiver utility.
SEE: Hackers are using 19-year-old WinRAR bug to install nasty malware
In a technical writeup, Igor Sak-Sakovskiy from Positive Technologies wrote that the bug can be exploited “to achieve remote code execution (RCE) on a victim’s computer.” On June 14, 2021, the issue was addressed with the release of WinRAR v. 6.02.
About WinRAR Trialware
WinRAR has a free trial license before users can buy an actual license for the software. Windows Explorer doesn’t display this trial version’s compression format (.rar archive). Therefore, WinRAR is commonly used by those who work with this format or have to download a .rar archive for once to open a utility.
How the Bug was Exploited
Research conducted by the infosec firm revealed that the vulnerability in WinRAR trialware could be abused by a remote attacker for executing arbitrary code on
Read More: https://www.hackread.com/winrar-vulnerability-attackers-remotely-hijack-systems/