Meanwhile, there are probably already about 100 exploits with which cyber criminals try to exploit the recently discovered and patched WinRAR vulnerability (CVE-2018-20250) in Windows UNACEV2.DLL.
In mid-February, a decade-old code execution vulnerability in a library file UNACEV2.DLL used by WinRAR, among others, became publicly known. This vulnerability threatens millions of users who use software with this DLL under Windows. I had reported in the the blog post Vulnerababe UNACEV2.DLL puts software like WinRAR at risk about it. WinRAR solved the problem by removing the library file UNACEV2.DLL. But many software packages use the library file UNACEV2.DLL without users suspecting it.
WinRAR exploit (#CVE-2018-20250) sample (united nations .rar) seems targeting the Middle East. Embedded with bait documents relating to the United Nations Human Rights and the #UN in Arabic, it finally downloads and executes #Revenge RAT.https://t.co/WJ4oJ1UxAz pic.twitter.com/fgHYSD4Mk5
— 360 Threat Intelligence Center (@360TIC) 12. März 2019
Now ZDNet.com has published this article about that topic. McAfee security researchers have now observed around 100 attack variants attacking this vulnerability via manipulated .RAR archives. So update your WinRAR and search your Windows system disk for the library file UNACEV2.DLL and remove it (if the software associated with the DLL doesn't ships an update).
Cookies helps to fund this blog: Cookie settings