JVN#64636058: WinRAR may insecurely load executable files

WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file.

WinRAR also contains a function where registry settings can be saved and registry settings can be recovered from files. If the folder displayed on screen contains an executable file, such as REGEDIT.BAT, when attempting to save or recover registry settings, REGEDIT.BAT is executed instead of the Windows registry editor (regedit.exe).

Impact

If an attacker convinces a user to open a file without an extension through WinRAR, a file with the same name with a file extension in the same folder will be executed with the privileges of WinRAR.

If an attacker places an executable file, such as REGEDIT.BAT into a folder that is being displayed through WinRAR, when the user saves or restores WinRAR settings, REGEDIT.BAT will be executed with the privileges of WinRAR instead of the Windows registry editor (regedit.exe).

Solution

Update the Software
This vulnerability has been addressed in WinRAR 5.30 beta 5.
Update to the latest version according to the information provided by the developer.

Products Affected

• WinRAR 5.30 beta 4 (32 bit) and earlier
• WinRAR 5.30 beta 4 (64 bit) and earlier