{"id":1154,"date":"2023-09-14T15:06:08","date_gmt":"2023-09-14T08:06:08","guid":{"rendered":"https:\/\/itlr.ufl.udn.vn\/?p=1154"},"modified":"2023-09-14T15:07:14","modified_gmt":"2023-09-14T08:07:14","slug":"phan-mem-nen-giai-nen-quoc-dan-winrar-cung-luc-dinh-2-lo-hong","status":"publish","type":"post","link":"https:\/\/itlr.ufl.udn.vn\/?p=1154","title":{"rendered":"Ph\u1ea7n m\u1ec1m n\u00e9n\/gi\u1ea3i n\u00e9n ‘qu\u1ed1c d\u00e2n’ WinRar c\u00f9ng l\u00fac d\u00ednh 2 l\u1ed7 h\u1ed5ng"},"content":{"rendered":"\n

Hacker \u0111\u0103ng t\u1ea3i b\u00e0i vi\u1ebft l\u00ean nh\u1eefng di\u1ec5n \u0111\u00e0n v\u1ec1 ch\u1ee9ng kho\u00e1n v\u00e0 ti\u1ec1n \u0111i\u1ec7n t\u1eed k\u00e8m li\u00ean k\u1ebft \u0111\u1ec3 t\u1ea3i xu\u1ed1ng t\u1ec7p n\u00e9n. Ng\u01b0\u1eddi d\u00f9ng ch\u1ec9 \u1ea5n v\u00e0o \u0111\u01b0\u1eddng link hacker g\u1eedi, t\u1ec7p n\u00e9n ch\u1ee9a m\u00e3 \u0111\u1ed9c s\u1ebd \u0111\u01b0\u1ee3c t\u1ea3i xu\u1ed1ng thi\u1ebft b\u1ecb c\u1ee7a n\u1ea1n nh\u00e2n.<\/h3>\n\n\n\n

Di\u1ec5n \u0111\u00e0n hacker m\u0169 tr\u1eafng (WhiteHat) cho bi\u1ebft, k\u1ecbch b\u1ea3n t\u1ea5n c\u00f4ng n\u00eau tr\u00ean xu\u1ea5t hi\u1ec7n t\u1eeb th\u00e1ng 8-2023. Hacker \u0111\u00e3 ph\u00e1t \u0111\u1ed9ng chi\u1ebfn d\u1ecbch ph\u00e1t t\u00e1n m\u00e3 \u0111\u1ed9c l\u1ee3i d\u1ee5ng l\u1ed7 h\u1ed5ng trong WinRar. WinRar \u0111\u01b0\u1ee3c xem m\u1ed9t ph\u1ea7n m\u1ec1m n\u00e9n\/gi\u1ea3i n\u00e9n \u201cqu\u1ed1c d\u00e2n\u201d v\u1edbi h\u01a1n 500 tri\u1ec7u ng\u01b0\u1eddi d\u00f9ng tr\u00ean to\u00e0n th\u1ebf gi\u1edbi.<\/p>\n\n\n\n

\u0110\u00e1ng ch\u00fa \u00fd trong c\u00f9ng m\u1ed9t th\u00e1ng, WinRar \u0111\u00e3 d\u00ednh 2 l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng CVE-2023-38831 v\u00e0 CVE-2023-40477 \u0111\u1ec1u c\u00f3 \u0111i\u1ec3m CVSS l\u00e0 7,8\/10 v\u1edbi \u0111\u1ea7u v\u00e0o t\u1ea5n c\u00f4ng l\u00e0 con \u0111\u01b0\u1eddng phishing (t\u1ea5n c\u00f4ng gi\u1ea3 m\u1ea1o).<\/p>\n\n\n\n

Theo WhiteHat, nh\u00ecn b\u00ean ngo\u00e0i, c\u00e1c t\u1ec7p n\u00e9n ch\u1ee9a m\u00e3 \u0111\u1ed9c c\u1ee7a tin t\u1eb7c kh\u00f4ng kh\u00e1c g\u00ec m\u1ed9t t\u1ec7p v\u00f4 h\u1ea1i (\u1ea3nh d\u1ea1ng JPG (.jpg), t\u1ec7p v\u0103n b\u1ea3n (.txt) ho\u1eb7c t\u00e0i li\u1ec7u PDF (.pdf nh\u01b0ng ngay khi n\u1ea1n nh\u00e2n click \u0111\u00fap v\u00e0o t\u1ec7p, l\u1ed7 h\u1ed5ng CVE-2023-38831 s\u1ebd \u00e2m th\u1ea7m kh\u1edfi ch\u1ea1y m\u1ed9t t\u1eadp l\u1ec7nh kh\u00e1c \u0111\u1ec3 c\u00e0i \u0111\u1eb7t ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i tr\u00ean thi\u1ebft b\u1ecb. \u0110\u1ed3ng th\u1eddi, m\u1ed9t t\u00e0i li\u1ec7u an to\u00e0n tr\u00f9ng t\u00ean v\u1edbi t\u1ec7p n\u00e9n c\u0169ng s\u1ebd \u0111\u01b0\u1ee3c m\u1edf l\u00ean \u0111\u1ec3 tr\u00e1nh nghi ng\u1edd.<\/p>\n\n\n\n

T\u1edbi \u0111\u00e2y, hacker \u0111\u00e3 c\u00f3 \u0111\u01b0\u1ee3c quy\u1ec1n truy c\u1eadp t\u1eeb xa v\u00e0o thi\u1ebft b\u1ecb c\u1ee7a n\u1ea1n nh\u00e2n v\u00e0 c\u00f3 th\u1ec3 \u0111\u00e1nh c\u1eafp ti\u1ec1n \u0111i\u1ec7n t\u1eed t\u1eeb t\u00e0i kho\u1ea3n c\u1ee7a h\u1ecd. Theo c\u00e1c nh\u00e0 nghi\u00ean c\u1ee9u, \u0111\u00e3 c\u00f3 \u0111\u1ebfn 130 ng\u01b0\u1eddi l\u00e0 n\u1ea1n nh\u00e2n c\u1ee7a chi\u1ebfn d\u1ecbch t\u1ea5n c\u00f4ng v\u00e0 8 di\u1ec5n \u0111\u00e0n b\u1ecb tin t\u1eb7c ph\u00e1t t\u00e1n link k\u00e8m t\u1ec7p \u0111\u1ed9c h\u1ea1i.<\/p>\n\n\n\n

C\u00f2n v\u1edbi CVE-2023-40477, WinRAR x\u1eed l\u00fd file n\u00e9n \u0111\u1ed9c h\u1ea1i v\u1eeba \u0111\u01b0\u1ee3c t\u1ea3i v\u1ec1 s\u1ebd d\u1eabn \u0111\u1ebfn l\u1ed7i tr\u00e0n b\u1ed9 \u0111\u1ec7m xu\u1ea5t ph\u00e1t t\u1eeb vi\u1ec7c x\u1eed l\u00fd Recovery Volume (t\u00ednh n\u0103ng gi\u00fap t\u1ea1o c\u00e1c t\u1ec7p tin d\u1ef1 ph\u00f2ng c\u00f3 kh\u1ea3 n\u0103ng s\u1eeda ch\u1eefa v\u00e0 ph\u1ee5c h\u1ed3i d\u1eef li\u1ec7u b\u1ecb h\u1ecfng trong t\u1ec7p tin n\u00e9n), t\u1ea1o c\u01a1 h\u1ed9i cho k\u1ebb t\u1ea5n c\u00f4ng th\u1ef1c thi m\u00e3 t\u00f9y \u00fd tr\u00ean t\u1ea5t c\u1ea3 c\u00e1c h\u1ec7 th\u1ed1ng m\u00e0 WinRAR \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t.<\/p>\n\n\n\n

Theo c\u00e1c chuy\u00ean gia WhiteHat, \u0111\u1ebfn nay v\u1eabn ch\u01b0a c\u00f3 b\u00e1o c\u00e1o n\u00e0o v\u1ec1 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng s\u1eed d\u1ee5ng hai l\u1ed7 h\u1ed5ng n\u00e0y t\u1ea1i Vi\u1ec7t Nam. Nh\u01b0ng v\u1edbi s\u1ed1 l\u01b0\u1ee3ng ng\u01b0\u1eddi d\u00f9ng kh\u1ed5ng l\u1ed3 c\u1ee7a WinRar, vi\u1ec7c hacker t\u1ea1o ra nhi\u1ec1u l\u00e0n s\u00f3ng t\u1ea5n c\u00f4ng l\u1ee3i d\u1ee5ng 2 CVE n\u00e0y ch\u1ec9 l\u00e0 chuy\u1ec7n m\u1ed9t s\u1edbm m\u1ed9t chi\u1ec1u, \u0111\u1eb7c bi\u1ec7t l\u00e0 khi PoC c\u1ee7a 2 l\u1ed7 h\u1ed5ng \u0111\u00e3 \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1.<\/p>\n\n\n\n

N\u1ebfu ch\u01b0a th\u1ec3 c\u1eadp nh\u1eadt ph\u1ea7n m\u1ec1m WinRar c\u1ee7a m\u00ecnh, WhiteHat khuy\u1ebfn c\u00e1o ng\u01b0\u1eddi d\u00f9ng n\u00ean c\u1ea9n tr\u1ecdng khi t\u1ea3i xu\u1ed1ng c\u00e1c t\u1ec7p kh\u00f4ng r\u00f5 ngu\u1ed3n g\u1ed1c c\u0169ng nh\u01b0 b\u1eadt t\u01b0\u1eddng l\u1eeda \u0111\u1ec3 b\u1ea3o v\u1ec7 b\u1ea3n th\u00e2n kh\u1ecfi tin t\u1eb7c.<\/p>\n\n\n\n

Ngu\u1ed3n ANT\u0110: https:\/\/anninhthudo.vn\/phan-mem-nengiai-nen-quoc-dan-winrar-cung-luc-dinh-2-lo-hong-post551677.antd<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Hacker \u0111\u0103ng t\u1ea3i b\u00e0i vi\u1ebft l\u00ean nh\u1eefng di\u1ec5n \u0111\u00e0n v\u1ec1 ch\u1ee9ng kho\u00e1n v\u00e0 ti\u1ec1n \u0111i\u1ec7n t\u1eed k\u00e8m li\u00ean k\u1ebft \u0111\u1ec3 t\u1ea3i xu\u1ed1ng t\u1ec7p n\u00e9n. Ng\u01b0\u1eddi d\u00f9ng ch\u1ec9 \u1ea5n v\u00e0o \u0111\u01b0\u1eddng link hacker g\u1eedi, t\u1ec7p n\u00e9n ch\u1ee9a m\u00e3 \u0111\u1ed9c s\u1ebd \u0111\u01b0\u1ee3c<\/p>\n","protected":false},"author":1,"featured_media":1155,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,53],"tags":[],"_links":{"self":[{"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=\/wp\/v2\/posts\/1154"}],"collection":[{"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1154"}],"version-history":[{"count":2,"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=\/wp\/v2\/posts\/1154\/revisions"}],"predecessor-version":[{"id":1157,"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=\/wp\/v2\/posts\/1154\/revisions\/1157"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=\/wp\/v2\/media\/1155"}],"wp:attachment":[{"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itlr.ufl.udn.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}