We regret to inform you there's an RCE vuln in old version of WinRAR. Yes, the file decompression utility

Thursday 21st October 2021 16:44 GMT amanfromMars 1

For the Greater Benefit of Almightily Attractive Mutually Beneficial Advantage Rigging Leaderships.

"This opens up the application to many of the vulnerabilities which web applications face within a desktop application. The end result is the threat profile being increased."

And prime premium endless results deliver the threat profile being increased and improved beyond all reasonable expectation and systemic ken/operational knowledge.

And that's a Venerable and Certifiable and Virtually Verifiable Greater IntelAIgent Game Changer ...... at least, putting in an appearance just in time and at long last, too.

What say yous/US ‽ .

3 17 Reply
1. Thursday 21st October 2021 17:53 GMT Clausewitz 4.0
  
  Re:For the Greater Benefit of Almightily Attractive Mutually Beneficial Advantage
  
  A Sino+Soviet+Extras pact can bring balance to the force. Some folks are 100% nationalist. Some folks also are true capitalists.
  
  0 4 Reply
  1. Saturday 23rd October 2021 08:08 GMT amanfromMars 1
    
    Re: Re:For the Greater Benefit of Almightily Attractive Mutually Beneficial Advantage
    
    A Sino+Soviet+Extras pact can bring balance to the force. Some folks are 100% nationalist. Some folks also are true capitalists. .... Clausewitz 4.0
    
    A Sino+Soviet+Extras PACT* would irreversibly change and fundamentally redistribute the dynamic direction and ownership of force to relatively anonymous and practically novel, noble players and Stateless Virtual ACTors [Advanced Cyber Threat/Treat Providers]
    
    PACT* ..... Persistent ACTive Cyber Threat/Treat
    
    The abiding great temptation then for those, is not to resist the lure to venture into the wares and too enthusiastically sample the fares of the ignoble which would have one then self-identified as an enemy to others who mistook you for a friend in deed in need of feed and seeds.
    
    1 2 Reply
Thursday 21st October 2021 17:05 GMT bombastic bob

at least in Russia

At least in Russia, when you discover security-related bugs in software, you can report them to the world without being SUED or THREATENED WITH PROSECUTION

(even if maybe Vlad & comrades have to get the heads-up on the new vulnerability FIRST?)

11 4 Reply
1. Thursday 21st October 2021 22:26 GMT Gene Cash
  
  Re: at least in Russia
  
  Hey, with the stupid antics of the Missouri governor, this is actually one time Bombastic Bob is right.
  
  That idiot is doubling down and still trying to pursue actual criminal charges against the journalist reporting a vulnerability. He hasn't backed off.
  
  6 0 Reply
  1. Friday 22nd October 2021 02:54 GMT sanmigueelbeer
    
    Re: at least in Russia
    
    That idiot is doubling down and still trying to pursue actual criminal charges against the journalist reporting a vulnerability. He hasn't backed off.
    
    No one can fix "stupid". No one.
    
    3 0 Reply
2. This post has been deleted by its author
Thursday 21st October 2021 19:30 GMT Luiz Abdala

LGR has WinRAR registered.

I know at least one person on this planet has the REGISTERED VERSION of WinRAR.

Clint, from LGR - Lazy Game Reviews YT Channel - bought and registered WinRAR, for the funsies.

Yes, he bought and registered WinRAR, which in turned sent him a pressed CD with multiple versions for Windows, including Windows 3.11, 98, XP, NT and 10.

I wonder how the vulnerability is bypassed on the registered version.

8 0 Reply
1. Thursday 21st October 2021 20:15 GMT rcxb1
  
  Re: LGR has WinRAR registered.
  
  https://pbs.twimg.com/media/Ew_lnXWUcAIJIcq?format=jpg&name=small
  
  1 0 Reply
2. Friday 22nd October 2021 05:17 GMT Joe W
  
  Re: LGR has WinRAR registered.
  
  If you use freeware and find it useful: chuck some quid to the dev or try and give back to the community - especially the really small teams appreciate it. You'd buy them a coffee if you met them, right? So do that online - now (maybe find one that makes it simple to donate through PayPal or whatever).
  
  That reminds me: I need to pick up that stuff myself again: I don't write C/C++, at least not well enough to meaningfully contribute there[*], so I did translations. There are short texts (like package descriptions) that do need some (a lot of) care and attention, and since they are short you can do maybe one per week without overextending yourself. The point is: there is work besides programming in open source projects.
  
  [*] maybe I should find a Fortran project? Or maybe get into helping with some of the R libraries.
  
  5 0 Reply
  1. Monday 25th October 2021 12:19 GMT Luiz Abdala
    
    Re: LGR has WinRAR registered.
    
    I did translations myself, but for one specific app where the guy had a button on *every* command that needed translation and you could post suggestions. I don't even remember what it did.
    
    You would choose the language you wanted to use, and the app would place the button for every command that had no translation, while letting you see the english (as expected, right?).
    
    Pretty smart code, if you ask me. And I said *suggestions*, otherwise there would be funny people throwing colorful words in the app.
    
    He had the app translated in no time, since I took it as a pet project. It was a one-off thing by that programmer, but the app worked flawlessly.
    
    0 0 Reply
3. Monday 25th October 2021 19:02 GMT BenDwire
  
  Re: LGR has WinRAR registered.
  
  Well, I had a registered version too - back in the days when it was a German company (v3.4). Mind you, I also paid for WinZip, such was my conviction that I should pay for all software that I used to ultimately make lots of money from products I designed.
  
  I've even donated to numerous open source projects over the years - and why not?
  
  0 0 Reply
Thursday 21st October 2021 22:13 GMT Anonymous Coward

hijacked dialog box

So the exploit depends on the user opening WinRAR, then doing whatever step opens the vulnerable dialog box, all while the attacker has poisoned their arp cache to redirect to an evil site?

What am I missing? That vector seems pretty unlikely, especially for the common use case of a forgotten installation of WinRAR? If the exploit was triggered by an evil .rar file, that's a different story.

3 0 Reply
1. Friday 22nd October 2021 05:06 GMT Joe W
  
  Re: hijacked dialog box
  
  And why on earth does this program even open that http connection? For the nag-screen? I find this more of a problem than the attack itself.
  
  Making a trial version with a nag screen and a full version without does not seem like too much of a problem. Yeah, once you do it with license keys that the user can enter those will pop up on some BBS or another (or WaReZ-sites, however these are called these days). The full version will also end up there, though. Lost battle and all.
  
  0 0 Reply
2. Friday 22nd October 2021 07:00 GMT chuBb.
  
  Re: hijacked dialog box
  
  Yup it's pretty low risk on its own, as a reinfection vector it's pretty nasty.
  
  This sort of thing is exactly the sort of flaw that would let malware back in. I. E. Bot net c2 sends out a disinfect command and so appears to be off the machine, leaves behind any number of methods to fart about with dns, winrar nag screen exploited to call home to c2 or new package dropper and your reinfected. So wouldn't be surprised if similar flaws are actively used to resurrect botnets
  
  1 0 Reply
Friday 22nd October 2021 00:19 GMT Hey Lobotoman! CALL -151!

Gently nagging?

"...a free trial licence before gently nagging users to buy a licence."

Gently nagging? I must have installed an earlier version...

2 0 Reply
Friday 22nd October 2021 01:14 GMT Geoffrey W

Surely the only reason to use WinRAR is to write it's proprietary RAR files, and who really needs to do that? Just install 7Zip. It opens RAR files even if it can't write them, and it even opens some old virtual hard disks I was wondering how to get files out of; 7Zip did it! I love 7Zip so much I asked it to marry me; It said no and my wife objected but...oh well, we'll just have to stay friends.

7 0 Reply
1. Friday 22nd October 2021 02:57 GMT sanmigueelbeer
  
  Yes, 7-Zip is a good alternative.
  
  0 0 Reply
2. Friday 22nd October 2021 03:05 GMT logicalextreme
  
  I'd forgotten WinRAR even existed till I saw this article. Now I'm seriously wondering if there are still people out there rocking PKZIP.
  
  1 0 Reply
  1. Friday 22nd October 2021 05:01 GMT Joe W
    
    Oooh, might have that on a floppy somewhere... or maybe I disposed of it. I dumped all of the no-longer-working ones. The 3.5" floppy really was a WORN medium (write once read never).
    
    1 1 Reply
    1. Saturday 23rd October 2021 15:27 GMT Anonymous Coward
      
      "The 3.5" floppy really was a WORN medium (write once read never)."
      
      Eh... it was more of a WORRIED medium (Write Often Read Regularly Important Eventually Disappears).
      
      If you bought good disks, treated them with moderate care, and operated your drives in a relatively clean environment, things were good. If your drive was filled with dust bunnies, your disk stock was old AOL disks with new labels slapped on, and you tossed them on the dashboard of your car for weeks on end, you had less reliable results.
      
      1 0 Reply
  2. This post has been deleted by its author
3. Friday 22nd October 2021 08:39 GMT dhawkshaw
  
  Another nod to 7zip from me.
  
  TBF the only time I see .rar files anyway, they are used as a carrier for a malware payload. All rar files we receive via email are quarantined on sight. It's probably last century when I last saw a legit one.
  
  2 0 Reply
  1. Friday 22nd October 2021 12:59 GMT ThatOne
    
    > It's probably last century when I last saw a legit one.
    
    You saw a legit one???
    
    1 0 Reply
  2. Friday 22nd October 2021 14:50 GMT Anonymous Coward
    
    RAR = rare
    
    Yep. My instinctive thought about RAR files is that they are probably warez or otherwise something up to no good.
    
    Maybe it's because I'm not a Windoze user, but it has always struck me as one of those "OK, it exists, but why on earth is anyone using it" obscure archive formats…
    
    I mean there's Zip, tar.gz, even LhA, and many more newer compression formats, but RAR has always struck me as a particularly weird one, especially given that there are few ways to create RAR archives with free software. Why did it ever catch on to even a slight extent?
    
    2 0 Reply
  3. Monday 25th October 2021 14:19 GMT Disgusted Of Tunbridge Wells
    
    Pirated content on Usenet still uses the rar format
    
    0 1 Reply
4. Friday 22nd October 2021 14:55 GMT Hubert Cumberdale
  
  I see RAR files quite often when I get bundles of LaTeX files from Chinese scientists. Apparently, there's a free Chinese version for some reason. Although I still have no idea why they don't just use the universally accessible ZIP format – as far as I can tell, RAR offers no advantages at all. I just use 7Zip to deflate them and send them back a normal ZIP in the hope that they'll get the message.
  
  0 0 Reply
This post has been deleted by its author
Friday 22nd October 2021 13:28 GMT Timbo

well, well, well

I never knew that WinRAR was now owned by a Russian company.

But what a wheeze it would be to announce that a vulnerability had been found, get everyone to update their old versions (which might not even have such a vulnerability) and let them upgrade to a new version that, while being fixed for the original vuln, now contains some "phone back home" code, to some Russian website somewhere, owned by a dodgy ransomware oligarch?

1 1 Reply
1. Saturday 23rd October 2021 04:45 GMT Claverhouse
  
  Re: well, well, well
  
  Well, it was invented by a Russian.
  
  .
  
  .
  
  As for Positive Technologies, the Russian company was sanctioned by the US government earlier this year, with America alleging the firm had passed vulns to Russian state hackers instead of disclosing them.
  
  I wonder if any Americans have ever disclosed vulnerabilities to the 3-letter idiots before anyone else and been prosecuted for that ?
  
  Or indeed if the American agencies themselves ever discovered such exploits and kept them to themselves ? It would make them unspeakable hypocrites.
  
  0 0 Reply
2. Sunday 24th October 2021 13:53 GMT Anonymous Coward
  
  Re: well, well, well
  
  Yes. Oh those Sovie^HRussians, they're at it again.
  
  This is exactly how they operate. There is no proof whatsoever but we have high confidence that it must be Russians. It is always Russians.
  
  0 0 Reply