WinRAR Flaw Let Attackers Deceive Users with ANSI Escape Sequences
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability has been discovered in WinRAR, a popular file compression and archiving utility for Windows.
The flaw, tracked as CVE-2024-36052, affects WinRAR versions prior to 7.00 and allows attackers to spoof the screen output using ANSI escape sequences.
The issue arises from WinRAR’s lack of proper validation and sanitization of file names within ZIP archives. Siddharth Dushantha identified the vulnerability.
When a specially crafted ZIP archive containing a file with ANSI escape sequences in its name is extracted using WinRAR, the application fails to properly handle the escape sequences.
Instead, it interprets them as control characters, allowing attackers to manipulate the displayed file name and potentially trick users into running malicious files.
ANSI escape sequences are special codes used to control the formatting and appearance of text in command-line interfaces and terminals. Most sequences start with an ASCII escape character (ESC, \x1B) followed by a bracket character ([) and are embedded into the text.
When a user attempts to open the seemingly benign file from within WinRAR, the vulnerability is triggered due to improper handling of file extensions.
Instead of launching the expected file, WinRAR’s ShellExecute function receives an incorrect parameter and executes a hidden malicious script, such as a batch file (.bat) or command script (.cmd), Dushantha said.
This script can then install malware on the victim’s device while simultaneously displaying the decoy document to avoid raising suspicion.
It’s important to note that this vulnerability is specific to WinRAR on Windows and differs from CVE-2024-33899, which affects WinRAR on Linux and UNIX platforms.
WinRAR’s Linux and UNIX versions are also susceptible to screen output spoofing and denial-of-service attacks via ANSI escape sequences.
To mitigate the risk posed by this vulnerability, users are advised to update to WinRAR version 7.00 or later, which includes a fix for the issue.
Additionally, exercising caution when opening archives from untrusted sources and enabling file extension visibility in Windows can help prevent this type of attack.
The vulnerability was publicly disclosed on May 23, 2024, and it is crucial for WinRAR users to take immediate action to protect their systems from potential exploitation by malicious actors.
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability #winrar
Оригинальная версия на сайте:
WinRAR Flaw Let Attackers Deceive Users with ANSI Escape Sequences
Author: Guru BaranA critical vulnerability has been discovered in WinRAR, a popular file compression and archiving utility for Windows.
The flaw, tracked as CVE-2024-36052, affects WinRAR versions prior to 7.00 and allows attackers to spoof the screen output using ANSI escape sequences.
The issue arises from WinRAR’s lack of proper validation and sanitization of file names within ZIP archives. Siddharth Dushantha identified the vulnerability.
When a specially crafted ZIP archive containing a file with ANSI escape sequences in its name is extracted using WinRAR, the application fails to properly handle the escape sequences.
Instead, it interprets them as control characters, allowing attackers to manipulate the displayed file name and potentially trick users into running malicious files.
ANSI escape sequences are special codes used to control the formatting and appearance of text in command-line interfaces and terminals. Most sequences start with an ASCII escape character (ESC, \x1B) followed by a bracket character ([) and are embedded into the text.
When a user attempts to open the seemingly benign file from within WinRAR, the vulnerability is triggered due to improper handling of file extensions.
Instead of launching the expected file, WinRAR’s ShellExecute function receives an incorrect parameter and executes a hidden malicious script, such as a batch file (.bat) or command script (.cmd), Dushantha said.
This script can then install malware on the victim’s device while simultaneously displaying the decoy document to avoid raising suspicion.
It’s important to note that this vulnerability is specific to WinRAR on Windows and differs from CVE-2024-33899, which affects WinRAR on Linux and UNIX platforms.
WinRAR’s Linux and UNIX versions are also susceptible to screen output spoofing and denial-of-service attacks via ANSI escape sequences.
To mitigate the risk posed by this vulnerability, users are advised to update to WinRAR version 7.00 or later, which includes a fix for the issue.
Additionally, exercising caution when opening archives from untrusted sources and enabling file extension visibility in Windows can help prevent this type of attack.
The vulnerability was publicly disclosed on May 23, 2024, and it is crucial for WinRAR users to take immediate action to protect their systems from potential exploitation by malicious actors.
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability #winrar
Оригинальная версия на сайте:
