Using WinRAR? Update now to avoid falling victim to this file path flaw
Briefly

WinRAR contains a critical flaw that can enable remote code execution on Windows versions due to improper handling of file paths. The vulnerability, identified by Trend Micro's Zero Day Initiative, could allow hackers to write files to sensitive directories, leading to potential code execution upon system login. Exploiting the flaw requires user interaction: victims must open malicious files or visit harmful pages. RARLAB recommends that all users update to version 7.12 to mitigate the risk associated with this security issue.
A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user.
This flaw could be exploited to place files in sensitive locations - such as the Windows Startup folder - potentially leading to unintended code execution on the next system login.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
We encourage all users to update their software to the latest version.
Read at IT Pro
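To make the file path issue concrete from the defender's side, the following added example (not WinRAR's code or RARLAB's fix, which this page does not describe) checks archive entry names before extraction and rejects any that would resolve outside the chosen destination folder, calling out the Startup folder case. The destination, user name and entry names are constructed for illustration, and Python's `ntpath` module is used so Windows path rules apply on any OS.

```python
import ntpath  # Windows path rules, usable on any OS

# Both the per-user and all-users Startup folders end with this suffix.
STARTUP_SUFFIX = "\\start menu\\programs\\startup\\"

def resolve_entry(dest_dir, entry_name):
    """Absolute Windows path that an archive entry name would be written to."""
    name = entry_name.replace("/", "\\")
    return ntpath.normpath(ntpath.join(dest_dir, name))

def check_entry(dest_dir, entry_name):
    """Return None if the entry stays under dest_dir, else the reason it is rejected."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\") + "\\"
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    # Compare with a trailing separator so "out2" is not mistaken for "out".
    if (target + "\\").startswith(dest):
        return None
    if STARTUP_SUFFIX in target:
        return "escapes destination into a Startup folder"
    return "escapes destination"

def audit(dest_dir, entry_names):
    """Map each rejected entry name to its reason; safe entries are omitted."""
    reasons = ((name, check_entry(dest_dir, name)) for name in entry_names)
    return {name: why for name, why in reasons if why}

# Constructed sample data (hypothetical user, paths and file names).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    r"docs\..\notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.txt",
    r"..\out2\file.txt",
    r"C:\Windows\Temp\file.dll",
]

if __name__ == "__main__":
    for name, why in audit(DEST, SAMPLE_ENTRIES).items():
        print(f"REJECT {name!r}: {why}")
```

The check covers relative `..` segments, rooted paths and drive-qualified paths; it does not replace updating to the fixed version.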