CVE-2019-25677
Received - Intake
Denial of Service in WinRAR 5.61 via Malformed Language File

Publication date: 2026-04-05

Last updated on: 2026-04-09

Assigner: VulnCheck

Description
WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violation at memory address 004F1DB8 when the application attempts to read invalid data.
Meta Information
Published: 2026-04-05
Last Modified: 2026-04-09
Generated: 2026-06-16
AI Q&A: 2026-04-06
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor | Product | Version / Range
rarlab | winrar | to 5.61 (inc)
CWE ID | Description
CWE-379 | The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
Executive Summary

This vulnerability exists in WinRAR version 5.61 and is a denial of service issue. It allows local attackers to crash the WinRAR application by placing a malformed winrar.lng language file in the installation directory.

When a user opens an archive and presses the test button, the application attempts to read invalid data from this malformed language file, causing an access violation at memory address 004F1DB8 and resulting in a crash.

Impact Analysis

This vulnerability causes the WinRAR application to crash unexpectedly when a user opens an archive and tests it while a maliciously crafted language file is present.

Since it is a denial of service vulnerability, it disrupts normal use of the application but does not compromise confidentiality or integrity of data.

Detection Guidance

This vulnerability involves a malformed winrar.lng language file placed in the WinRAR installation directory that causes the application to crash when opening an archive and pressing the test button.

Detection would involve checking the WinRAR installation directory for suspicious or malformed winrar.lng files.

Since no specific commands or network detection methods are provided, a manual inspection of the installation directory is recommended.

Mitigation Strategies

The vulnerability allows local attackers to crash WinRAR by placing a malformed language file in the installation directory.

Immediate mitigation steps include ensuring that only trusted users have write access to the WinRAR installation directory, so that untrusted users cannot place malicious files there.

Avoid opening archives and pressing the test button until a patch or update addressing this issue is applied.
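
One way to carry out the directory inspection from Detection Guidance and the write-access check from Mitigation Strategies, as an added PowerShell example that is not part of the advisory. It assumes the default install path and English principal names in the allow-list, and it only reports the file's metadata and ACLs; it does not judge whether winrar.lng is malformed.

```powershell
# Added example (not from the advisory): audit the WinRAR install directory.
# Assumptions: default install path, English principal names in $trusted.
param([string]$InstallDir = "$env:ProgramFiles\WinRAR")

# Principals expected to hold write access under Program Files; adjust as needed.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'

# Access-mask bits that permit creating or overwriting a file:
# WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL.
$writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([string]$Path)
    # Return every Allow ACE that grants a write bit to a non-trusted principal.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeBits) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    } | Select-Object @{n = 'Path'; e = { $Path }},
                      IdentityReference, FileSystemRights, IsInherited
}

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    Write-Warning "WinRAR directory not found: $InstallDir"
    return
}

# Mitigation check: who besides trusted principals can write to the directory?
$findings = @(Get-UntrustedWriter -Path $InstallDir)

# Detection check: record winrar.lng metadata so it can be compared with a known-good copy.
$lng = Join-Path $InstallDir 'winrar.lng'
if (Test-Path -LiteralPath $lng -PathType Leaf) {
    $item = Get-Item -LiteralPath $lng
    [pscustomobject]@{
        File             = $item.FullName
        Length           = $item.Length
        LastWriteTimeUtc = $item.LastWriteTimeUtc
        Owner            = (Get-Acl -LiteralPath $lng).Owner
        SHA256           = (Get-FileHash -LiteralPath $lng -Algorithm SHA256).Hash
    } | Format-List | Out-String
    $findings += @(Get-UntrustedWriter -Path $lng)
} else {
    "No winrar.lng in $InstallDir"
}

if ($findings) { $findings | Format-Table -AutoSize | Out-String }
else { 'No untrusted principals hold write access.' }
```

Save it as a .ps1 file and pass -InstallDir when WinRAR is installed elsewhere; an unexpected owner, a recent LastWriteTimeUtc, or any row in the findings table is what to follow up on.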
