WinRAR Mark-Of-The-Web Bypass Vulnerability
CVE-2024-30370

4.3MEDIUM

Key Information:

Vendor
Rarlab
Status
Winrar
Vendor
CVE Published:
2 April 2024

Summary

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.

The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156.

Affected Version(s)

WinRAR 7.00 beta 4 (64-bit)

References

https://www.zerodayinitiative.com/advisories/ZDI-24-357/
x_research-advisory
https://www.rarlab.com/rarnew.htm#27.%20Busgs%20fixed
vendor-advisory

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-30370 : WinRAR Mark-Of-The-Web Bypass Vulnerability | SecurityVulnerability.io