Extracting a 19-Year-Old Code Execution from WinRAR

Presented at DeepSec 2019 „Internet of Facts and Fears“, Unknown date/time (Unknown duration)

Half a billion users worldwide use WinRAR for creating and extracting archives. This usually is assumed to be a safe procedure, however, we found a critical vulnerability that results in RCE by simply using WinRAR to extract an archive. After we published some of the details regarding the vulnerability it quickly spread through the cyber-crime world. In this talk we tell the story of how exactly we found the vulnerability and how we exploit it. This is no ordinary story as you can imagine that finding a 19 year old bug in such a high profile software isn't. We will share the fuzzing process using WinAFL, the way of thinking, and the evolution of our fuzzer/harness until we found the critical bug. We will fully disclose the root cause the exploitation process and the mitigations we had to overcome, as well as speaking about the aftermath of such mainstream event.

Presenters:

• Nadav Grossman - Check Point Software Technologies
  Nadav is a vulnerability researcher in the Malware and Vulnerability Research group at Check Point Research. He started his career in an elite Israeli military cyber unit as Research and Development Engineer. Before Check Point, he worked at Akamai as a security researcher and at IBM as a malware researcher. Nadav is passionate about vulnerability research and reversing and in his spare time he loves to play billiards.

Links:

• https://deepsec.net/archive/2019.deepsec.net/speaker.html#PSLOT429

Similar Presentations:

• DEF CON 29 (2021) / 2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us
• Black Hat Europe 2020 Virtual / This is for the Pwners : Exploiting a WebKit 0-day in PlayStation 4
• Nuit du Hack 2015 / How to hack an old toy into a Mars rover