Screen Spoofing Vulnerability in RARLAB WinRAR
CVE-2024-36052

7.5HIGH

Key Information:

Vendor: RARLAB
Vendor: CVE Published:; 21 May 2024

Summary

RARLAB WinRAR versions prior to 7.00 for Windows are affected by a vulnerability that enables attackers to manipulate the screen output, allowing potential deceptive displays through the use of ANSI escape sequences. This presents a significant risk to user security and can lead to the exploitation of sensitive information, as the altered output may mislead users into trusting malicious prompts or information. It is crucial for users to apply updates or patches offered by RARLAB to protect against such threats.

References

https://www.rarlab.com/rarnew.htm

https://sdushantha.medium.com/ansi-escape-injection-vulne...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2024