A new security flaw has been discovered in the WinRAR trialware file archiver for Windows that could be exploited by a remote attacker to execute arbitrary code on targeted systems, highlighting how software flaws can serve as a gateway for a variety of attacks.
The bug, tracked as CVE-2021-35052, affects the trial version of the software running version 5.70. In a technical write-up, Positive Technologies' Igor Sak-Sakovskiy stated, "This vulnerability allows an attacker to intercept and change requests sent to the user of the application. This can be used to get remote code execution (RCE) on the PC of a victim."
WinRAR offers a free trial license before gently urging customers to acquire a license. Windows Explorer does not open the .rar archive format, with which WinRAR is most closely associated, so WinRAR is popular among people who need to work with the format, or who had to download a .rar archive once and needed software to open it.
The investigation into WinRAR began after Sak-Sakovskiy noticed a JavaScript error rendered by MSHTML, a proprietary browser engine for the now-defunct Internet Explorer that is used in Office to render web content inside Word, Excel, and PowerPoint documents. This led to the discovery that the error window is displayed once every three times the application is launched after the trial period has expired.
Positive Technologies discovered that by intercepting the response code sent when WinRAR notifies the user about the end of the free trial period via "notifier.rarlab[.]com" and changing it to a "301 Moved Permanently" redirect message, the redirection to an attacker-controlled malicious domain could be cached for all subsequent requests.
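The following is an added example, not code from Positive Technologies or from this article: one way a defender could search web-proxy logs for the redirect behaviour described above, where the notifier host answers with a redirect that points off its own domain. The JSON log format, field names, sample lines, and the assumption that legitimate redirects stay under rarlab.com are all constructed for illustration.

```python
import json
from urllib.parse import urlsplit

NOTIFIER_HOST = "notifier.rarlab.com"  # host named in the article
TRUSTED_DOMAIN = "rarlab.com"          # assumption: legitimate redirects stay here
REDIRECTS = {301, 302, 303, 307, 308}
CACHEABLE = {301, 308}                 # permanent redirects a client may cache

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def find_suspicious_redirects(log_lines):
    """Flag notifier responses that redirect the client to a foreign host."""
    findings = []
    for line in log_lines:
        try:
            rec = json.loads(line)
            req_host = urlsplit(rec["url"]).hostname or ""
            target = urlsplit(rec.get("location") or "")
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed or incomplete record
        if req_host.lower() != NOTIFIER_HOST or rec.get("status") not in REDIRECTS:
            continue
        # A relative Location has no host and stays on the notifier itself.
        if target.hostname and not is_trusted(target.hostname):
            findings.append({
                "client": rec.get("client"),
                "status": rec["status"],
                "target_host": target.hostname,
                "cacheable": rec["status"] in CACHEABLE,
            })
    return findings

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    '{"client":"10.0.0.5","url":"http://notifier.rarlab.com/constructed","status":200}',
    '{"client":"10.0.0.7","url":"http://notifier.rarlab.com/constructed","status":301,"location":"http://redirect.example/landing"}',
    '{"client":"10.0.0.8","url":"http://notifier.rarlab.com/constructed","status":302,"location":"/constructed/other"}',
    '{"client":"10.0.0.9","url":"http://notifier.rarlab.com/constructed","status":301,"location":"https://www.rarlab.com/"}',
    '{"client":"10.0.0.7","url":"http://notifier.rarlab.com/constructed","status":307,"location":"http://notifier.rarlab.com.lookalike.example/"}',
    '{"client":"10.0.0.4","url":"http://other.example/","status":301,"location":"http://redirect.example/"}',
    'not json at all',
]

if __name__ == "__main__":
    for f in find_suspicious_redirects(SAMPLE_LOG):
        print(f)
```

The suffix check compares whole DNS labels, so a look-alike host that merely begins with the notifier's name is still reported.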
An almost two-decades-old flaw was discovered in WinRAR a few years ago, impacting an older file compression format initially developed in the 1990s. Positive Technologies was sanctioned by the US government earlier this year after the US claimed the company had transferred vulnerabilities to Russian state hackers rather than revealing them. The company has categorically disputed these allegations and continues to publish security research.
Application security expert Sean Wright said of the vulnerability, "Remote Code Execution vulnerabilities should always be taken seriously and handled with a sense of urgency, as the risk they pose is significant. Even so, in the case of WinRAR's vulnerable trial, the likelihood of an attacker being able to successfully exploit the vulnerability in question seems fairly limited, as there are a number of conditions and stages that the victim would need to fulfill before the attacker could achieve RCE."