Nexthink Recognized by SIIA as the Best Digital Employee Experience Platform Learn more

Learn more

Learn more

cookie alert

We use cookies to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted advertisements. If you continue to use this site, you consent to our use of cookies.

Nexthink Library

Vulnerability Management

Back

Vulnerability Management

Latest Version: 1.0.1.0
|
Updated on February 28, 2024
Install

Description

Perform an update of WinRAR to the version 5.70 English to patch the vulnerability (CVE-2018-20250) discovered with ACE packages handling.

Versions

  • 1.0.1.0 - 28 Feb 2024 - Updated OS requirements
  • 1.0.0.0 - 22 Jul 2022 - Initial release

Content

Campaigns - 2
Investigations - 2
Remote actions - 1
Update WinRAR

Required Products

Nexthink Act
Nexthink Engage

Platforms

Windows 7 and newer

Compatibility

V6.14 and later

This Might Interest You

Workflow: Windows 11 migration
New

Orchestrate the Windows 11 migration process with automated compatibility checks and pre-to-post migration user engagement.

Released on April 11, 2024
View Library Pack

Workflow: Device assignment verification
New

Orchestrate the verification and update of device assignee information in the ServiceNow Hardware Asset Management database through a dedicated workflow.

Released on April 10, 2024
View Library Pack

Update WinRAR

Script Description

In WinRAR versions prior to and including 5.61, a vulnerability when managing ACE files has been discovered. When the filename is manipulated with some patterns, the destination folder is ignored and malicious files could be extracted anywhere without any notice.In order to run a silent execution, campaign can be skipped by providing an empty GUID as input CampaignId. In such case, WinRAR will be closed and updated automatically.

Execution context and suggested scheduling

Run the script as 'local system'. The script should be executed every 4 weeks.

A timeout of 720 seconds is recommended.

Parameters

Label Description
Campaign Id ID of the campaign to notify user that WinRAR must be closed. Provide an empty ID to avoid executing this campaign
Operation Completed Campaign Id ID of the campaign to notify the user about the finish of the WinRAR update process. Provide an empty ID to avoid executing this campaign
Maximum Delay In Seconds Maximum random delay set to avoid overloading server hosting virtual machines. Provide number of seconds less than 600

Outputs

Label Type Description
WinRAR Version String WinRAR version retrieved after performing the update process

Restrictions

Further Information

If you want to retrieve more information about this vulnerability, you can visit following:
* National Vulnerability Database (CVE-2018-20250).
* Extracting a 19 Year Old Code Execution from WinRAR.

Test Scenarios

WinRARIsNotInstalled
Test Case No version of WinRAR is installed.
Environment Windows 10 x86/x64 - Windows 7 x86/x64
Results Success - WinRAR is not installed.
NoVulnerableVersion
Test Case WinRAR is installed with version 5.71.
Environment Windows 10 x86/x64 - Windows 7 x86/x64
Results Success - WinRAR is not installed.
AllCampaignsAreCalled
Test Case WinRAR is installed with version 5.61 and running.
First campaign GUID has the default value.
Second campaign GUID has the default value.
Environment Windows 10 x86/x64 - Windows 7 x86/x64
Results Success - WinRAR version 5.70 is installed and all campaigns are called correctly.
OnlyFirstCampaignIsCalled
Test Case WinRAR is installed with version 5.61 and running.
First campaign GUID has the default value.
Second campaign GUID is empty.
Environment Windows 10 x86/x64 - Windows 7 x86/x64
Results Success - WinRAR version 5.70 is installed and the first campaign is called correctly.
OnlySecondCampaignIsCalled
Test Case WinRAR is installed with version 5.61 and running.
First campaign GUID is empty.
Second campaign GUID has the default value.
Environment Windows 10 x86/x64 - Windows 7 x86/x64
Results Success - WinRAR version 5.70 is installed and the second campaign is called correctly.