Attackers are actively exploiting vulnerability in UnRAR

Written by ebookingservices

In addition to the vulnerability in UnRAR, another bug patched in August that is actively being exploited by malicious actors is DogWalk, which affects Windows.

The United States National Cyber Security Agency (CISA) has added a recently discovered flaw in UnRAR and the vulnerability dubbed DogWalk, which affects Windows, to its vulnerability catalog, noting that both are being actively exploited.

About vulnerability in UnRAR

Registered as CVE-2022-30333, it is a path traversal vulnerability in the version of RAR for Linux and UNIX systems. If successfully exploited, a malicious actor is capable of downloading arbitrary files to the victim’s system just by decompressing a RAR file.

The vulnerability, which affects any version of Linux and UNIX that uses UnRAR, received a score of 7.5 on the CVSS severity scale and was disclosed in June.

SonarSource researchers discovered the bug and published a report explaining how it could be used to compromise a Zimbra webmail service server and gain access to the mail server.

In the specific case of Zimbra, because the service uses UnRAR to automatically extract attachments and scan them for malware or spam, an attacker could send an email with a RAR file attached and compromise the victim without requiring them to interact with the attachment.

For its part, RARLAB released version 6.12 in May, which contains the patch that fixes CVE-2022-30333 in all versions of RAR for Linux and UNIX.
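
For services that unpack untrusted archives automatically, as in the Zimbra case above, one defensive check is to extract into a dedicated directory and audit the result before anything else touches it. The following is an added example, not code from UnRAR, Zimbra or the original article; the function names and the sample tree are constructed, and it shows generic path containment checks rather than UnRAR's internals.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath


def unsafe_entry_name(name: str) -> bool:
    """True if an archive entry name could resolve outside the extraction root."""
    # Treat backslashes as separators too, so a name that only becomes a
    # traversal after separator conversion is still caught.
    parts = PurePosixPath(name.replace("\\", "/")).parts
    return name.startswith(("/", "\\")) or ".." in parts


def escaping_symlinks(root: str) -> list[str]:
    """Walk an extraction directory and return symlinks that point outside it."""
    root_real = os.path.realpath(root)
    found = []
    # followlinks=False: never descend through a link while auditing.
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            if not os.path.islink(path):
                continue
            # realpath also resolves dangling links as far as it can.
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                found.append(os.path.relpath(path, root_real))
    return sorted(found)


def build_sample_tree() -> str:
    """Constructed sample: one benign link and one link that leaves the root."""
    root = tempfile.mkdtemp(prefix="extract-audit-")
    os.makedirs(os.path.join(root, "docs"))
    Path(root, "docs", "readme.txt").write_text("constructed sample\n")
    os.symlink("readme.txt", os.path.join(root, "docs", "inside-link"))
    os.symlink("../../outside-target", os.path.join(root, "docs", "outside-link"))
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    print("links escaping the root:", escaping_symlinks(sample))
```

A non-empty result from `escaping_symlinks` is a reason to quarantine the whole extraction directory rather than pass its contents on to a scanner.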

About the DogWalk vulnerability

In addition to the UnRAR bug, CISA also added a bug in Windows to its list of vulnerabilities known to be used by malicious actors. More specifically, the vulnerability dubbed DogWalk lies in a component of the Windows MSDT (Microsoft Support Diagnostic Tool). This is a remote code execution (RCE) vulnerability, logged as CVE-2022-34713, which allows an attacker to implant executable malware in the Windows startup folder. Although this flaw had been reported in 2020, Microsoft considered at the time that it did not represent a security risk, but recently a researcher demonstrated the scope of this flaw.

After this, Microsoft released a patch to fix the bug in the August 2022 update and confirmed that it is being used by attackers in malicious campaigns.
