[personal profile] ufm
Schneier on Security wrote the following post Tue, 19 Aug 2025 14:07:28 +0300

Zero-Day Exploit in WinRAR File

A zero-day vulnerability in WinRAR is being exploited by at least two
Russian criminal groups:
> The vulnerability seemed to have super Windows powers. It abused
> alternate data streams, a Windows feature that allows different ways of
> representing the same file path. The exploit abused that feature to
> trigger a previously unknown path traversal flaw that caused WinRAR to
> plant malicious executables in attacker-chosen file paths %TEMP% and
> %LOCALAPPDATA%, which Windows normally makes off-limits because of their
> ability to execute code.
>

More details in the article...
https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/c54dec26-1551-4d3a-a0ea-4fa40f848eb3

Source: https://twinkle.lol/item/04ae657b-e090-4d7b-9d83-eecfd971bd06
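
A defender-side sketch of the name checks this class of flaw calls for, added here and not part of the original post or of WinRAR's code: it vets archive entry names against Windows path rules before extraction, flagging stream syntax (a colon) and path traversal. The function name, the destination directory and the sample entry names are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical extraction directory, used as the default for the demo.
DEST = r"C:\Users\alice\Downloads\out"


def member_problems(name: str, dest: str = DEST) -> list[str]:
    """Return the reasons an archive entry name is unsafe to extract under dest."""
    problems = []
    # Windows accepts both separators, so normalise before splitting.
    parts = name.replace("/", "\\").split("\\")
    if ":" in name:
        # "file:stream" names an NTFS alternate data stream; "C:..." names a drive.
        problems.append("colon (stream or drive specifier)")
    if name.startswith(("\\", "/")) or ntpath.isabs(name):
        problems.append("absolute or UNC path")
    if ".." in parts:
        problems.append("parent-directory component")
    # Final check on the resolved path, independent of the syntactic checks.
    root = ntpath.normpath(dest)
    target = ntpath.normpath(ntpath.join(dest, name))
    try:
        inside = ntpath.commonpath([root, target]).lower() == root.lower()
    except ValueError:  # different drives, or absolute mixed with relative
        inside = False
    if not inside:
        problems.append("resolves outside destination")
    return problems


if __name__ == "__main__":
    # Constructed entry names, not taken from any real archive.
    samples = [
        "docs/report.pdf",
        "notes.txt:payload.exe",
        "..\\..\\AppData\\Local\\Temp\\x.exe",
        "readme.txt:..\\..\\..\\evil.exe",
    ]
    for entry in samples:
        print(f"{entry!r}: {member_problems(entry) or 'ok'}")
```

An extractor or a mail/web gateway scanner would refuse or quarantine any entry for which the list is non-empty, rather than trying to sanitise the name.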