Security researchers have discovered a new flaw located in the UnRAR utility by RARlabs. The flaw can reportedly be exploited to steal emails from Zimbra email accounts and has been allocated a severity score of 7.5 out of 10 on the CVSS scale. Zimbra is an enterprise email solution that is used by roughly 200,000 businesses, government entities, and financial institutions. Therefore, the recently detected vulnerability has significant risks. Security researchers at Sonar were the first to discover the bug, and released an advisory pertaining to it Tuesday.
According to the advisory produced by Sonar, the vulnerability is a 0-day flaw that is found in a third party tool Zimbra uses to operate. The flaw allows an attacker to create files outside of the target extraction directory. Successful exploitation, therefore, offers attackers access to all emails sent and received on an email server that has been compromised. Since this platform is used by organizations in the financial and government sectors, the flaw could have serious consequences if exploited.
Read More: New UnRAR Vulnerability Could Lead to Zimbra Webmail Hack