Zum Inhalt wechseln

Als Gast hast du nur eingeschränkten Zugriff!


Anmelden 

Benutzerkonto erstellen

Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.

  • Antworte auf Themen oder erstelle deine eigenen.
  • Schalte dir alle Downloads mit Highspeed & ohne Wartezeit frei.
  • Erhalte Zugriff auf alle Bereiche und entdecke interessante Inhalte.
  • Tausche dich mich anderen Usern in der Shoutbox oder via PN aus.
 

   

Foto

Warning: Critical WinRAR Flaw Affects All Versions Released

- - - - -

  • Bitte melde dich an um zu Antworten
Keine Antworten in diesem Thema

#1
g0rillaz

g0rillaz

    Script Kiddie

  • Premium Member
  • Likes
    122
  • 47 Beiträge
  • 309 Bedankt
  • 695218901
  • Android [root]
  • Windows, Linux

Warning: Critical WinRAR Flaw Affects All Versions Released

 

Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide.

Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR†”a popular Windows file compression application with 500 million users worldwide†”that affects all versions of the software released in last 19 years.

The flaw resides in the way an old third-party library, called UNACEV2.DLL, used by the software handled the extraction of files compressed in ACE data compression archive file format.

However, since WinRAR detects the format by the content of the file and not by the extension, attackers can merely change the .ace extension to .rar extension to make it look normal.

 

Please Login HERE or Register HERE to see this link!

 

According to researchers, they found an "Absolute Path Traversal" bug in the library that could be leveraged to execute arbitrary code on a targeted system attempting to uncompress a maliciously-crafted file archive using the vulnerable versions of the software.

 

The path traversal flaw allows attackers to extract compressed files to a folder of their choice rather than the folder chosen by the user, leaving an opportunity to drop malicious code into Windows Startup folder where it would automatically run on the next reboot.

As shown in the video demonstration shared by researchers, to take full control over the targeted computers, all an attacker needs to do is convincing users into just opening maliciously crafted compressed archive file using WinRAR.

Since the WinRAR team had lost source code of the UNACEV2.dll library in 2005, it decided to drop UNACEV2.dll from their package to fix the issue and released WINRar version 5.70 beta 1 that doesn't support the ACE format.

Windows users are advised to install the latest version of WinRAR as soon as possible and avoid opening files received from unknown sources.

 

 

 

 

 

 

 


  • Crowx88 gefällt das

Please like the thread if you've found this useful!

 

Pidgin otr:g0rillaz_c0dz.exploit.im
Icq:695218901

Eingefügtes Bild





Auch mit einem oder mehreren dieser Stichwörter versehen: News

Besucher die dieses Thema lesen:

Mitglieder: , Gäste: , unsichtbare Mitglieder:


This topic has been visited by 20 user(s)


    Avni, Blackhook, blue_eyed_devil, Bot4ng, BurningWay, Crowx88, Flex.Net, FrogPussyGreen, g0rillaz, Henry Dorsett, Juri, kiwitone, LiandBlood, madamor45xx, mesagio, N4dja, PadX18, ProHex, raider, Zerobyte
Die besten Hacking Tools zum downloaden : Released, Leaked, Cracked. Größte deutschsprachige Hacker Sammlung.