Old Version Of WinRAR Can Be Used To Break Into PCs


WinRAR: Researchers at digital security firm Positive Technologies have discovered a vulnerability in the traditional file compression program WinRAR. The loophole was found in version 5.7 of the software in its free trial version, which is the most popular.

Named CVE-2021-35052, the fault uses a JavaScript error window that uses Internet Explorer to function. This command can be intercepted by experienced criminals and exchanged for other remote execution code on the user’s equipment — taking anyone clicking the “Yes” option to a rogue domain, installing an application or having information stolen, for example.

As the attack operates in a man-in-the-middle mode, not all users can be victims of WinRAR exploitation: in addition to not bypassing traditional defenses, which include security warnings from Windows itself, this scam can only be performed in full if the network domain is already compromised by the same criminals.

Update yours!

WinRAR has already been updated to versions that fix the vulnerability and is currently in release 6.02. Check the version of your application in the item Help > About WinRAR in the program window and, preferably, download the latest one to your PC.


Please enter your comment!
Please enter your name here