Is Newsbin vulnerable to the recent Winrar exploit?
Posted:
Sun Mar 17, 2019 4:50 pm
by mdbourgon
Howdy. Unsure how Newsbin does its Unrar-ing (I assume it's either par2dll or autopar2.dll), but I was concerned given the recent class of exploits with Winrar and the Winrar DLL. (
https://www.slashgear.com/19-years-old- ... -16569928/)
The reason I posted is because I saw mentioned that Winrar basically offered a free DLL to un-RAR files, so I wanted to be double sure. Is newsbin somehow susceptible?
Thanks in advance!
Re: Is Newsbin vulnerable to the recent Winrar exploit?
Posted:
Sun Mar 17, 2019 10:52 pm
by Quade
I've looked into it and I don't think it is. What Newsbin uses is a subset of the code Winrar uses. So it doesn't do ZIP or ACE files and doesn't load any external DLL's. It's my impression this latest exploit is the result of a very old external DLL winrar loaded to handle some files. Newsbin doesn't use the DLL.
What I'm wondering though is how WinRAR bypasses UAC. According to the exploit report I read, it can write to the windows startup folder without triggering a UAC prompt.
Re: Is Newsbin vulnerable to the recent Winrar exploit?
Posted:
Wed Mar 20, 2019 2:03 am
by mdbourgon
Gotcha. Thanks for checking. Yeah, it sounded like Winrar had older code specifically to handle ACE, so the exploit named it RAR so that Winrar would handle it. And you're right, that's strange that it could dump it in the startup folder.
Much appreciated, sir!