Vulnerability in RAR program

Hi guys,

There was a vulnerability in RAR, and it was used to extract malware to the startup folder without the user’s knowledge. The malware was distributed in a pirated copy of “Ariana_Grande-thank_u,next(2019)[320].rar”

When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious program is extracted to Startup folder behind the scenes. User Access Control (UAC) is bypassed, so no alert is displayed to the user. The next time the system restarts, the malware (exe file) is run.

My question is, why is UAC bypassed and how is it possible? How is it possible when you use a user account? Isn’t it a Microsoft bug?

Upload and scan file at www.virustotal.com

Post link to scan result here

This is not what I asked about. I don't have this file. I am just asking here.

“User Access Control (UAC) is bypassed after the payload gets executed, so no alert is displayed to the user. The next time the system restarts, the malware is run.”

How is it possible that UAC is bypassed?

I guess it is this

Over 100 Exploits Found for 19-Year Old WinRAR RCE Bug
https://www.bleepingcomputer.com/news/security/over-100-exploits-found-for-19-year-old-winrar-rce-bug/

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vulnerability-cve-2018-20250/

Not detected by avast - Ariana_Grande-thank_u,next(2019)[320].rar - 2019-03-16 20:57:33 UTC
https://www.virustotal.com/#/file/e6e5530ed748283d4f6ef3485bfbf84ae573289ad28db0815f711dc45f448bec/detection

First Submission 2019-02-28 08:26:51
Last Submission 2019-02-28 08:26:51
Last Analysis 2019-03-16 20:57:33

Extracted Malware payload Not detected by avast - 2019-03-16 20:52:33 UTC
https://www.virustotal.com/#/file/a1c06018b4e331f95a0e33b47f0faa5cb6a084d15fec30772923269669f4bc91/detection

First Submission 2019-02-28 08:49:53
Last Submission 2019-02-28 08:49:53
Last Analysis 2019-03-16 20:52:33

Yes, you are right. And how is it possible that UAC is bypassed here? Please answer this.

I am not a programmer or malware analyst

But a Google search may give you the answer >>> https://www.google.com/search?ei=U2WNXPL-OaGrmwXkraqADA&q=how+to+bypass+UAC&oq=how+to+bypass+UAC&gs_l=psy-ab.3..35i39j0l5j0i20i263j0.8023.10646..11538...0.0..0.129.654.2j4......0....1..gws-wiz.......0i71j0i67j0i203.MUhQrqiVQmY
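
Added example, not part of the thread and not WinRAR's code: a pre-extraction check that flags archive member names which would land outside the chosen destination or inside a Startup folder, the outcome described in the posts above. The function names, sample destination and member names are constructed for illustration, and the check assumes the member names have already been listed from the archive by other means.

```python
import ntpath

# Path fragment shared by the per-user and all-users Startup folders.
# The per-user one is writable by a standard user, so a file dropped
# there needs no elevation and no UAC prompt is shown.
STARTUP_FRAGMENT = r"\start menu\programs\startup"

def resolve_member(dest_dir, member_name):
    """Path an extractor would write to if it trusted member_name as-is."""
    name = member_name.replace("/", "\\")
    # ntpath.join drops dest_dir when name is absolute or carries a drive.
    return ntpath.normpath(ntpath.join(dest_dir, name))

def check_member(dest_dir, member_name):
    """Return the findings for one archive member name (empty list = ok)."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = ntpath.normcase(resolve_member(dest_dir, member_name))
    findings = []
    if target != dest and not target.startswith(dest + "\\"):
        findings.append("escapes destination")
    if STARTUP_FRAGMENT in target:
        findings.append("targets Startup folder")
    return findings

def audit(dest_dir, member_names):
    """Map each suspicious member name to its findings."""
    report = {}
    for name in member_names:
        findings = check_member(dest_dir, name)
        if findings:
            report[name] = findings
    return report

# Constructed sample listing (not taken from the archive in this thread).
SAMPLE_DEST = r"C:\Users\alice\Downloads\album"
SAMPLE_NAMES = [
    "01 - track.mp3",
    "sub/../cover.jpg",
    r"..\album2\notes.txt",
    r"C:\Windows\Temp\x.dll",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe",
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_DEST, SAMPLE_NAMES).items():
        print(f"{name}: {', '.join(findings)}")
```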