According to a report this morning from SonicWall, a vulnerability that could allow remote code execution has been discovered in WinRAR. The vulnerability exposes the half a billion users of this Windows unarchiver and is detailed by MITRE in CVE-2018-20250.
To find out if you are vulnerable, check whether your WinRAR version is prior to 5.70 beta 1.
The fix is to update to the latest WinRAR version.
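The version check above can be run across a software inventory rather than one machine at a time. The following is an added example, not code from SonicWall or WinRAR; the CSV layout, host names and function names are assumptions, and the sample rows are constructed. It assumes versions are recorded the way WinRAR prints them, with a two-digit minor number such as 5.61 or 5.70.

```python
import csv
import io
import re

# First fixed release named on the page: 5.70 beta 1. Every 5.70 build,
# betas included, is at or past it, so only (major, minor) need comparing.
FIRST_FIXED = (5, 70)

# Constructed sample inventory (host, product, version); not real data.
SAMPLE_INVENTORY = """host,product,version
ws-001,WinRAR 5.61 (64-bit),5.61.0
ws-002,WinRAR 5.70 beta 1 (64-bit),5.70 beta 1
ws-003,WinRAR 5.50 (32-bit),5.50
ws-004,7-Zip 18.06,18.06
ws-005,WinRAR archiver,
ws-006,WinRAR 6.02 (64-bit),6.02.0
"""

def parse_major_minor(version):
    """Return (major, minor) from strings like '5.61.0' or '5.70 beta 1'."""
    m = re.match(r"\s*(\d+)\.(\d+)", version or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(product, version):
    """Return 'vulnerable', 'fixed', 'unknown', or None for non-WinRAR rows."""
    if "winrar" not in product.lower():
        return None
    parsed = parse_major_minor(version)
    if parsed is None:
        return "unknown"  # no usable version recorded: needs a manual check
    return "vulnerable" if parsed < FIRST_FIXED else "fixed"

def triage(csv_text):
    """Map host -> status for every WinRAR row in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["product"], row["version"])
        if status is not None:
            results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have WinRAR installed but no parseable version, so they should be checked by hand rather than assumed fixed.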
For those not familiar with WinRAR, according to Wikipedia, “WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. To enable the user to test the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports creating encrypted, multi-part and self-extracting archives.”
Update: According to a March 23, 2019 report by SonicWall, this WinRAR vulnerability is now being exploited in the wild.
“There have been two major exploits of this vulnerability, one targeting Ukraine with a Ukrainian law related PDF document and another targeting users in the Middle East. Last week, SonicWall Capture Labs Threat Research team has observed another campaign targeting users in Chile. WinRAR vulnerability is the most sought after exploit used by both cyber criminals and nation state actors.”
The security news brief from SonicWall also details the infection cycle of a WinRAR exploit. Be on guard!