{"id":8961,"date":"2019-03-17T00:27:00","date_gmt":"2019-03-16T23:27:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=8961"},"modified":"2020-11-19T22:56:19","modified_gmt":"2020-11-19T21:56:19","slug":"100-exploits-addresses-winrar-vulnerarbility","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/03\/17\/100-exploits-addresses-winrar-vulnerarbility\/","title":{"rendered":"100 Exploits address WinRAR vulnerability"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">Meanwhile, there are probably already about 100 exploits with which cyber criminals try to exploit the recently discovered and patched WinRAR vulnerability (CVE-2018-20250) in Windows UNACEV2.DLL. <\/p>\n<p><!--more--><\/p>\n<p>In mid-February, a decade-old code execution vulnerability in a library file UNACEV2.DLL used by WinRAR, among others, became publicly known. This vulnerability threatens millions of users who use software with this DLL under Windows. I had reported in the blog post <a href=\"https:\/\/borncity.com\/win\/2019\/02\/21\/vulnerbility-in-unacev2-dll-puts-software-like-winrar-on-risk\/\">Vulnerable UNACEV2.DLL puts software like WinRAR at risk<\/a> about it. WinRAR solved the problem by removing the library file UNACEV2.DLL. But many software packages use the library file UNACEV2.DLL without users suspecting it.&nbsp; <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">WinRAR exploit (<a href=\"https:\/\/twitter.com\/hashtag\/CVE?src=hash&amp;ref_src=twsrc%5Etfw\">#CVE<\/a>-2018-20250) sample (united nations .rar) seems targeting the Middle East. 
Embedded with bait documents relating to the United Nations Human Rights and the <a href=\"https:\/\/twitter.com\/hashtag\/UN?src=hash&amp;ref_src=twsrc%5Etfw\">#UN<\/a> in Arabic, it finally downloads and executes <a href=\"https:\/\/twitter.com\/hashtag\/Revenge?src=hash&amp;ref_src=twsrc%5Etfw\">#Revenge<\/a> RAT.<a href=\"https:\/\/t.co\/WJ4oJ1UxAz\">https:\/\/t.co\/WJ4oJ1UxAz<\/a> <a href=\"https:\/\/t.co\/fgHYSD4Mk5\">pic.twitter.com\/fgHYSD4Mk5<\/a><\/p>\n<p>\u2014 360 Threat Intelligence Center (@360TIC) <a href=\"https:\/\/twitter.com\/360TIC\/status\/1105344295869898752?ref_src=twsrc%5Etfw\">March 12, 2019<\/a><\/p><\/blockquote>\n<p><span id=\"preservef73e66cdbb1247d4bc22e9abf664ed19\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>Now ZDNet.com has published <a href=\"https:\/\/www.zdnet.com\/article\/100-unique-exploits-and-counting-for-latest-winrar-security-bug\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a> about that topic. McAfee security researchers have now <a href=\"https:\/\/web.archive.org\/web\/20190808115036\/https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/attackers-exploiting-winrar-unacev2-dll-vulnerability-cve-2018-20250\/\" target=\"_blank\" rel=\"noopener noreferrer\">observed around 100 attack variants<\/a> attacking this vulnerability via manipulated .RAR archives. So update your WinRAR and search your Windows system disk for the library file UNACEV2.DLL and remove it (if the software associated with the DLL doesn't ship an update). 
<\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2019\/02\/21\/vulnerbility-in-unacev2-dll-puts-software-like-winrar-on-risk\/\">Vulnerable UNACEV2.DLL puts software like WinRAR at risk<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/02\/25\/micropatch-for-unacev2-dll-vulnerability-cve-2018-20250\/\">Micropatch for UNACEV2.DLL vulnerability CVE-2018-20250<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Meanwhile, there are probably already about 100 exploits with which cyber criminals try to exploit the recently discovered and patched WinRAR vulnerability (CVE-2018-20250) in Windows UNACEV2.DLL.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-8961","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=8961"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8961\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=8961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=8961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=8961"}],"curies":[{"name":"wp","href":"https:
\/\/api.w.org\/{rel}","templated":true}]}}