![]() ![]() If malicious hackers manage to write to a known location, continued Scannell, they could potentially execute arbitrary commands on the system. However, a recently patched file-write flaw ( CVE-2022-30333) means an unauthenticated attacker can “create files outside of the target extraction directory when an application or victim user extracts an untrusted archive”, according to a blog post published by Simon Scannell, vulnerability researcher at Swiss security firm Sonar (formerly SonarSource).Ĭatch up with the latest security research news The UnRAR utility is used to extract RAR archives to a temporary directory for virus-scanning and spam-checking purposes. UPDATED A path traversal vulnerability in RarLab’s UnRAR binary can lead to remote code execution (RCE) on business email platform Zimbra and can potentially affect other software. Other applications using binary to extract untrusted archives are potentially vulnerable too
0 Comments
Leave a Reply. |