WinRAR Flaw Let Attackers Deceive Users with ANSI Escape Sequences
A major vulnerability has been discovered in WinRAR, a popular file compression and archiving utility for Windows.
The flaw, tracked as CVE-2024-36052, affects WinRAR versions prior to 7.00 and allows attackers to spoof the screen output using ANSI escape sequences.
The issue arises from WinRAR's lack of proper validation and sanitization of file names inside ZIP archives. Siddharth Dushantha identified the vulnerability.
When a specially crafted ZIP archive containing a file with ANSI escape sequences in its name is extracted using WinRAR, the software fails to properly handle the escape sequences.
Instead, it interprets them as control characters, allowing attackers to manipulate the displayed file name and potentially trick users into running malicious files.
ANSI escape sequences are special codes used to control the formatting and appearance of text in command-line interfaces and terminals. Most sequences start with an ASCII escape character (ESC, \x1B) followed by a bracket character ([) and are embedded into the text.
By crafting malicious archives containing these sequences, attackers can manipulate the displayed output and deceive users into believing they are opening a harmless file, such as a PDF or image.
When a user attempts to open the seemingly benign file from within WinRAR, the vulnerability is triggered due to improper handling of file extensions.
Instead of launching the expected file, WinRAR's ShellExecute function receives an incorrect parameter and executes a hidden malicious script, such as a batch file (.bat) or command script (.cmd), Dushantha said.
This script can then install malware on the victim's device while simultaneously displaying the decoy document to avoid raising suspicion.
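The article describes the two ingredients of the attack: an ESC-plus-bracket sequence embedded in an archive entry name, and a viewer that renders the name without sanitizing it. The following is an added example, not code from the article or from WinRAR, showing how a defender can inspect ZIP entry names before trusting what a viewer displays: it flags names carrying CSI (ESC [) sequences or other control characters and produces a display-safe rendering. The sample archive is constructed in memory for the example; the regular expressions and function names are this example's own.

```python
"""Scan ZIP entry names for ANSI escape sequences and other control characters.

Added example (not part of the original article). It does not reproduce the
WinRAR behaviour; it only inspects names so a reviewer sees them as stored.
"""
import io
import re
import zipfile

# A CSI sequence: ESC (0x1B), '[', parameter bytes 0x30-0x3F, intermediate
# bytes 0x20-0x2F, then one final byte 0x40-0x7E (for example ESC[2K, erase line).
CSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")
# Any remaining C0 control character or DEL, including a bare ESC.
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_name(name: str) -> str:
    """Return a display-safe name: CSI sequences removed, other controls shown as \\xNN."""
    without_csi = CSI_RE.sub("", name)
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), without_csi)


def scan_zip(data: bytes) -> list:
    """Return one finding per entry whose stored name contains escape or control characters."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            raw = info.filename
            has_csi = bool(CSI_RE.search(raw))
            has_ctrl = bool(CONTROL_RE.search(raw))
            if has_csi or has_ctrl:
                findings.append({
                    "raw": raw,
                    "display": sanitize_name(raw),
                    "reason": "ANSI CSI sequence" if has_csi else "control character",
                })
    return findings


def build_sample_zip() -> bytes:
    """Constructed fixture: a clean entry, an entry whose name embeds ESC[2K, and a tab in a name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n")
        # Constructed test name: the ESC[2K sequence would erase the line in a naive terminal view.
        zf.writestr("notes\x1b[2Kreport.pdf.bat", b"@echo off\r\n")
        zf.writestr("tab\there.txt", b"x")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip(build_sample_zip()):
        print(f"{f['reason']:>18}: {f['display']!r}  (raw repr: {f['raw']!r})")
```

Running the script lists the two suspicious entries with their stored names shown via repr, so the ESC byte is visible rather than interpreted. The same check can be applied to any archive listing a mail gateway or endpoint agent extracts, independent of the viewer that will later render the names.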
It's important to note that this vulnerability is specific to WinRAR on Windows and differs from CVE-2024-33899, which affects WinRAR on Linux and UNIX platforms.
WinRAR's Linux and UNIX versions are also vulnerable to screen output spoofing and denial-of-service attacks via ANSI escape sequences.
To mitigate the risk posed by this vulnerability, users are advised to update to WinRAR version 7.00 or later, which includes a fix for the issue.
Additionally, exercising caution when opening archives from untrusted sources and enabling file extension visibility in Windows can help prevent this type of attack.
The vulnerability was publicly disclosed on May 23, 2024, and WinRAR users should take immediate action to protect their systems from potential exploitation by malicious actors.
Source credit : cybersecuritynews.com