MitM attack in WinRAR



| Updated: 2021-11-29
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-35052
CWE-ID CWE-300
Exploitation vector Local network
Public exploit N/A
Vulnerable software
WinRAR
Client/Desktop applications / Software for archiving

Vendor RARLAB

Security Bulletin

This security bulletin contains information about 1 vulnerabilities.

Updated 15.11.2021

Added fixed version.

1) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU57604

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35052

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in the WinRar due to usage of Microsoft Internet Explorer component to display a trial notification message in a pop-up window. A remote attacker with ability to perform ARP-spoofing attack can supply a malicious file (e.g. a .rar file) to the WinRar application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

WinRAR: 5.00 - 6.10 beta 1

CPE2.3 External links

http://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
http://www.zerodayinitiative.com/advisories/ZDI-21-1335/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted archive.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###