It’s not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week.
A few days ago, The Hacker News reported about a 19-year-old remote code execution vulnerability disclosed by Check Point in the UNACEV2.dll library of WinRAR that could allow a maliciously-crafted ACE archive file to execute arbitrary code on a targeted system.
WinRAR is a popular Windows file compression application with 500 million users worldwide, but a critical “Absolute Path Traversal” bug (CVE-2018-20250) in its old third-party library, called UNACEV2.DLL, could allow attackers to extract a compressed executable file from the ACE archive to one of the Windows Startup folders, where the file would automatically run on the next reboot.
To successfully exploit the vulnerability and take full control over the targeted computers, all an attacker needs to do is just convincing users into opening a maliciously-crafted compressed archive file using WinRAR.
Just a day after the Check Point’s blog post and a proof of concept video (that showcased how an ACE archive can extract a malicious file into the Windows Startup folder) went public, a Proof-of-concept (PoC) exploit code for the newly discovered WinRAR vulnerability was published to Github.
images from Hacker News