WinRAR, one of the most popular data compression and archiving tools, has been found to have another vulnerability. This time, the vulnerability could allow attackers to execute arbitrary code on machines running vulnerable versions. Two years ago, WinRAR also made headlines when a 19-year-old vulnerability was disclosed that impacted the very large user base of the never-ending trial software.
Tracked as CVE-2021-35052, this issue currently affects version 5.70 and older but has only been fixed very recently in WinRAR version 6.02. Positive Technologies disclosed this vulnerability, and in their technical writeup they detail that "This vulnerability allows an attacker to intercept and modify requests sent to the user of the application."
The issue originates from older WinRAR versions using MSHTML (aka Trident), an old browser engine for Internet Explorer which was created to display web content in Microsoft Office. By abusing the pop-up designed to lead people to purchase WinRAR, attackers are able to create a redirect to a web address of their choice.
To help you combat vulnerabilities and other security risks to your IT environment, you can use our reports to get an overview of software or hardware that is at risk of containing vulnerabilities. For this specific WinRAR vulnerability, we've updated our previously created WinRAR vulnerability audit so you can get a color-coded overview of all WinRAR installations that are not on the fixed version 6.02.