[Japanese]

JVNDB-2015-000199

WinRAR may insecurely load executable files

Overview

WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file.

WinRAR also contains a function where registry settings can be saved and registry settings can be recovered from files. If the folder displayed on screen contains an executable file, such as REGEDIT.BAT, when attempting to save or recover registry settings, REGEDIT.BAT is executed instead of the Windows registry editor (regedit.exe).
CVSS Severity (What is CVSS?)

Base Metrics: 5.1 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

CVSS V3 Severity:
Base Metrics: 7.8 (High) [IPA Score]
  • Access Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


rarlab
  • WinRAR 5.30 beta 4 (32 bit) and earlier
  • WinRAR 5.30 beta 4 (64 bit) and earlier

Impact

If an attacker convinces a user to open a file without an extension through WinRAR, a file with the same name with a file extension in the same folder will be executed with the privileges of WinRAR.

If an attacker places an executable file, such as REGEDIT.BAT into a folder that is being displayed through WinRAR, when the user saves or restores WinRAR settings, REGEDIT.BAT will be executed with the privileges of WinRAR instead of the Windows registry editor (regedit.exe).
Solution

[Update the Software]
This vulnerability has been addressed in WinRAR 5.30 beta 5.
Update to the latest version according to the information provided by the developer.
Vendor Information

rarlab
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2015-5663
References

  1. JVN : JVN#64636058
  2. National Vulnerability Database (NVD) : CVE-2015-5663
Revision History

[2015/12/17]
  Web page was published
[2016/01/07]
  References : Content was added