Update vulnerable WinRAR installations on devices to prevent malicious ACE packages from extracting files into arbitrary folders.
Update WinRAR to version 5.70 (English) to patch the vulnerability in ACE package handling (CVE-2018-20250).
Script Update WinRAR
- Version 18.104.22.168 – Initial release
WinRAR versions up to and including 5.61 contain a vulnerability in the handling of ACE files. When the filename is manipulated with certain patterns, the destination folder is ignored and malicious files can be extracted anywhere without any notice.
To run the update silently, skip the campaign by providing an empty GUID as the input CampaignId. In that case, WinRAR is closed and updated automatically.
Execution context and suggested scheduling
Run the script as local system. The script should be executed every 4 weeks.
A timeout of 720 seconds is recommended.
| # | Parameter | Description |
|---|---|---|
| 1 | Campaign Id | UID of the campaign to notify the user that WinRAR must be closed. Provide an empty GUID to enable execution without a campaign |
| 2 | Operation Completed Campaign Id | UID of the campaign to notify the user about the completion of the WinRAR update process |
| 3 | Maximum Delay In Seconds | Maximum random delay, set to avoid overloading servers hosting virtual machines. Provide a number of seconds less than 600 |

| # | Output | Type | Description |
|---|---|---|---|
| 1 | WinRAR Version | String | WinRAR version retrieved after performing the update process |
For more information about this vulnerability, see the following:
* National Vulnerability Database (CVE-2018-20250).
* WinRAR Zero-day Abused in Multiple Campaigns.
* Attackers exploiting WinRAR Vulnerability.
* Extracting a 19 Year Old Code Execution from WinRAR.
- The script downloads and installs the English version of WinRAR; any other installed language is replaced.
- If the device does not have WinRAR installed, the update process is skipped.
- The script is executed as the LocalSystem user and needs Internet access to perform the update process.
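
The decision rules described on this page (empty GUID means silent mode, delay below 600 seconds, skip when WinRAR is absent, update when the version is older than 5.70) can be checked before rollout with the added PowerShell example below. It is not the script this page documents; the function names and the registry lookup by `DisplayName` are assumptions.

```powershell
# Added example, not the vendor's script. Parameter names mirror the inputs
# documented on this page; the function names are hypothetical.
$FixedVersion = [version]'5.70'   # version this page says patches CVE-2018-20250

function Get-WinRarInstall {
    # Assumption: WinRAR registers an uninstall entry whose DisplayName starts
    # with "WinRAR". Both the 64-bit and 32-bit registry views are searched.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        Select-Object -First 1 DisplayName, DisplayVersion
}

function Test-WinRarUpdatePlan {
    param(
        [string]$CampaignId,
        [int]$MaximumDelayInSeconds,
        $Install = (Get-WinRarInstall)   # injectable so the logic can be tried offline
    )
    if ($MaximumDelayInSeconds -lt 0 -or $MaximumDelayInSeconds -ge 600) {
        throw 'Maximum Delay In Seconds must be a number of seconds less than 600.'
    }
    # An empty GUID means no user campaign: WinRAR is closed and updated silently.
    $silent = ([guid]::Parse($CampaignId) -eq [guid]::Empty)

    if (-not $Install) {
        return [pscustomobject]@{ Action = 'Skip'; Reason = 'WinRAR not installed'; Silent = $silent }
    }
    # DisplayVersion may carry a suffix such as "beta 1"; keep the numeric part only.
    if ($Install.DisplayVersion -notmatch '\d+(\.\d+)+') {
        return [pscustomobject]@{ Action = 'Review'; Reason = 'Unparseable version'; Silent = $silent }
    }
    $installed = [version]$Matches[0]
    if ($installed -ge $FixedVersion) {
        return [pscustomobject]@{ Action = 'Skip'; Reason = "Already at $installed"; Silent = $silent }
    }
    [pscustomobject]@{
        Action       = 'Update'
        Reason       = "$installed is older than $FixedVersion"
        Silent       = $silent
        DelaySeconds = Get-Random -Maximum ($MaximumDelayInSeconds + 1)  # random spread, 0..max
    }
}

# Constructed sample input: a device reporting WinRAR 5.61 and an empty campaign GUID.
$sample = [pscustomobject]@{ DisplayName = 'WinRAR 5.61 (64-bit)'; DisplayVersion = '5.61.0' }
Test-WinRarUpdatePlan -CampaignId ([guid]::Empty.ToString()) -MaximumDelayInSeconds 300 -Install $sample
```

Omitting `-Install` makes the function read the local registry instead, which is useful for spot-checking a device before and after the remote action runs.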