CVE-2018-20250 WinRAR Flaw Used in 100 Unique Exploits
NEWS

CVE-2018-20250 WinRAR Flaw Used in 100 Unique Exploits

CVE-2018-20250 is a critical vulnerability in WinRAR, which has been estimated to have been a part of the software for 19 years or even more. The vulnerability even forced the development team to drop support for a file format.




This very same vulnerability which was disclosed publicly by Check Point has been exploited in the wild by a number of malicious campaigns, possibly by nation-state hackers as well. The flaw has been exploited with the purpose of planting malware on targeted systems.

The research initially revealed that there are multiple weaknesses in the extraction of several popular archive formats: RAR, LZH and ACE due to memory corruption. However, there was also a parsing error with the ACE format which led to the discovery that the outdated DLL file could be manipulated by malware as they do not have protective mechanism. A proof-of-concept demonstratrion showcased that by using a few simple parameters the whole program could be exploited.

Related:
A security team has announced the discovery of a critical vulnerability found in WinRAR, one of the most popular archive and compression tools used by users
CVE-2018-20250: WinRAR Vulnerability Found after 19 Years of Possible Exploitation.

Campaigns Using the CVE-2018-20250 Flaw Continue to Rise

Using crafted archive files computer hackers could trigger remote code execution sessions merely by making the users open them up — the dangerous files can be of different formats. The malicious code can be moved to the Startup Folders which means that it will be run automatically every time the computer is powered on. That’s what happened in the actual attacks.

There have been various spam campaigns based on the CVE-2018-20250 flaw, delivering different malicious payloads. Apparently, malicious archives were also sent to South Korean government agencies. Another highly targeted campaign utilized a phishing trick about United Nations and human rights to target users in the Middle East.

A recent report by McAfee reveals another lure where Ariana Grande is used to trick users into opening maliciously crafted archives that drop malware on their machines. The researchers have come across at least 100 unique exploits using the WinRAR flaw, and the attacks are highly likely to continue. Millions of users are using the program, and chances are many of them are running an outdated, unpatched version of it.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...