Unrar Remote Code Execution

vendor:

Unrar

by:

Project Zero

N/A

CVSS

N/A

Unrar Remote Code Execution

119

CWE

Product Name: Unrar

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2017

Unrar Remote Code Execution

Symantec's unrar based unpacker is vulnerable to dozens of publicly documented flaws. Two known bugs in unrar that are fixed upstream, but not in Symantec's ancient code, can lead to remote code execution at the highest possible privilege level.

Mitigation:

Symantec should update their unrar based unpacker to the latest version.

Source

Exploit-DB raw data:

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=867

In issue 810 we pointed out to Symantec that they hadn't updated their unrar based unpacker for years, and it was vulnerable to dozens of publicly documented flaws.

I had expected Symantec to rebase on 5.4.2 (the latest version as of this writing), but they appear to have just backported fixes for the few issues I sent them.

Here are two known bugs in unrar that are fixed upstream, but not in Symantec's ancient code. If they continue to refuse to rebase, this might take a few iterations to shake the bugs out. Sigh.

As in issue 810, these are remote code execution vulnerabilities at the highest possible privilege level.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40405.zip