
Vulnerability Management

Update vulnerable WinRAR installations on devices to prevent malicious ACE packages from extracting files into arbitrary folders.

Description

Update WinRAR to version 5.70 (English) to patch the vulnerability (CVE-2018-20250) discovered in the handling of ACE packages.

Script Update WinRAR

  • Version 1.0.0.0 – Initial release

Script Description

A vulnerability in the handling of ACE files has been discovered in WinRAR versions up to and including 5.61. When the filename is manipulated with certain patterns, the destination folder is ignored and malicious files can be extracted anywhere without any notice.
To run the script silently, skip the campaign by providing an empty GUID as the input CampaignId. In that case, WinRAR is closed and updated automatically.

Execution context and suggested scheduling

Run the script as local system. The script should be executed every 4 weeks.

A timeout of 720 seconds is recommended.

Parameters

ID | Label | Description
1 | Campaign Id | UID of the campaign that notifies the user that WinRAR must be closed. Provide an empty GUID to enable execution without a campaign.
2 | Operation Completed Campaign Id | UID of the campaign that notifies the user that the WinRAR update process has finished.
3 | Maximum Delay In Seconds | Maximum random delay, set to avoid overloading the server hosting virtual machines. Provide a number of seconds less than 600.

Outputs

ID | Label | Type | Description
1 | WinRAR Version | String | WinRAR version retrieved after performing the update process

Further Information

For more information about this vulnerability, see the following:
* National Vulnerability Database (CVE-2018-20250).
* WinRAR Zero-day Abused in Multiple Campaigns.
* Attackers exploiting WinRAR Vulnerability.
* Extracting a 19 Year Old Code Execution from WinRAR.

Restrictions

  • The script downloads and installs the English version of WinRAR; any other language version will be replaced.
  • If the device does not have WinRAR installed, the update process is skipped.
  • The script is executed as the LocalSystem user and needs Internet access to perform the update process.
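
The PowerShell sketch below is an added example, not the Nexthink script itself. It shows one way to audit a device before or after the update: it returns nothing useful to patch when WinRAR is absent, and otherwise reports the installed version and whether it is older than 5.70. It assumes WinRAR sits in a default install folder or is registered under App Paths; the UNACEV2.DLL check reflects background knowledge about CVE-2018-20250 rather than anything stated on this page.

```powershell
# Added example: audit a device for a WinRAR build affected by CVE-2018-20250.
# Assumption: WinRAR is in a default folder or registered under App Paths.
$FixedVersion = [version]'5.70'   # version the page says patches the issue

function Get-WinRarPath {
    $candidates = @(Join-Path $env:ProgramFiles 'WinRAR\WinRAR.exe')
    if (${env:ProgramFiles(x86)}) {
        $candidates += Join-Path ${env:ProgramFiles(x86)} 'WinRAR\WinRAR.exe'
    }
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe'
    $registered = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($registered) { $candidates += $registered }
    # First candidate that actually exists on disk, or $null if none does.
    $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
}

function Get-WinRarAudit {
    $exe = Get-WinRarPath
    if (-not $exe) {
        # Mirrors the restriction above: no WinRAR, nothing to update.
        return [pscustomobject]@{ Installed = $false; Version = $null
                                  NeedsUpdate = $false; AceLibraryPresent = $false }
    }
    $info = (Get-Item -LiteralPath $exe).VersionInfo
    $installed = New-Object System.Version -ArgumentList $info.FileMajorPart, $info.FileMinorPart
    # Background (not from this page): the flaw is in the ACE unpacking library
    # UNACEV2.DLL, which WinRAR 5.70 no longer ships.
    $aceDll = Join-Path (Split-Path -Parent $exe) 'UNACEV2.DLL'
    [pscustomobject]@{
        Installed         = $true
        Version           = $installed.ToString()
        NeedsUpdate       = ($installed -lt $FixedVersion)
        AceLibraryPresent = (Test-Path -LiteralPath $aceDll)
    }
}

Get-WinRarAudit
```

A device that reports NeedsUpdate or AceLibraryPresent as true after the remote action has run is worth investigating, for example a per-user install outside the default folders.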

Content

Campaigns
Investigations
Remote Actions

Required Modules

Nexthink Act
Nexthink Engage

Platforms

Windows

Compatibility

V6.14 and later