WinRAR 5.80 – XML External Entity Injection
WinRAR 5.80 is vulnerable to XML External Entity (XXE) injection. An attacker can craft a malicious XML file and send it to the victim; the file can then be used to read arbitrary files on the victim's system and to send their contents to a remote server under the attacker's control. The exploit involves creating an HTML file with the malicious XML embedded in it, and then dragging that HTML file into the WinRAR window. The malicious XML contains an entity declaration that references a remote DTD file hosted on the attacker's server. That DTD file in turn contains an entity declaration that references a file on the victim's system, whose contents are then sent to the attacker's server.
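A pre-open check for the pattern described above, as an added example (not code from the advisory or from WinRAR): it uses Python's expat bindings to list every external reference a file's DTD declares, without fetching any of them. The function name, the sample document and the `dtd.example.invalid` host are constructed for illustration.

```python
import xml.parsers.expat

REMOTE_SCHEMES = {"http", "https", "ftp"}

# Constructed sample: HTML-like file carrying a DTD, as the advisory describes.
# The host is a placeholder; the body is deliberately not well-formed XML.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY % remote SYSTEM "http://dtd.example.invalid/placeholder.dtd">
  <!ENTITY note "plain internal entity">
]>
<html><body><p>constructed sample</body></html>"""


def external_entity_findings(data):
    """Return (kind, name, system_id, is_remote) for each external reference in the DTD."""
    findings = []

    def record(kind, name, system_id):
        scheme = system_id.split(":", 1)[0].lower()
        # UNC and protocol-relative paths also leave the local machine.
        remote = scheme in REMOTE_SCHEMES or system_id.startswith(("\\\\", "//"))
        findings.append((kind, name, system_id, remote))

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id:  # <!DOCTYPE x SYSTEM "..."> pulls in an external subset
            record("external-subset", name, system_id)

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # internal entities carry a value instead
            record("parameter-entity" if is_param else "general-entity", name, system_id)

    parser = xml.parsers.expat.ParserCreate()  # no resolver installed, so nothing is fetched
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        pass  # HTML bodies are rarely well-formed; declarations already seen still count
    return findings


if __name__ == "__main__":
    for kind, name, system_id, remote in external_entity_findings(SAMPLE):
        print(f"{kind} {name!r} -> {system_id} ({'remote' if remote else 'local'})")
```

Any finding marked remote on a file received from an untrusted source is a reason to quarantine it before it reaches an XML-consuming application.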