Security News > 2021 > October > Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could be?ome a gateway for a roster of attacks.
Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70.
"This vulnerability allows an attacker to intercept and modify requests sent to the user of the application," Positive Technologies' Igor Sak-Sakovskiy said in a technical write-up.
On top of that, an attacker already having access to the same network domain can stage ARP spoofing attacks to remotely launch applications, retrieve local host information, and even run arbitrary code.
"One of the biggest challenges an organization faces is the management of third-party software. Once installed, third-party software has access to read, write, and modify data on devices which access corporate networks," Sak-Sakovskiy noted.
"It's impossible to audit every application that could be installed by a user and so policy is critical to managing the risk associated with external applications and balancing this risk against the business need for a variety of applications. Improper management can have wide reaching consequences."
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-35052 | Improper Privilege Management vulnerability in Kaspersky Password Manager 9.0.2 A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. | 7.8 |