CVE-2024-30370: 
WinRAR vulnerability analysis and mitigation

The CVE-2024-30370 is a Mark-Of-The-Web bypass vulnerability affecting RARLAB WinRAR. This security flaw was discovered by Orange Tsai and NiNi from DEVCORE Research Team working with Trend Micro Zero Day Initiative. The vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of WinRAR, requiring user interaction to exploit (ZDI Advisory).

The vulnerability exists within the archive extraction functionality of WinRAR. The specific flaw allows attackers to create a crafted archive entry that can cause the creation of an arbitrary file without the Mark-Of-The-Web protection. This vulnerability has been assigned a CVSS v3.0 base score of 4.3 (Medium) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (ZDI Advisory).

When successfully exploited, this vulnerability can be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. The bypass of Mark-Of-The-Web protection mechanism could potentially lead to security controls being circumvented (NVD).

RARLAB has issued an update to correct this vulnerability. Users are advised to update to the latest version of WinRAR to protect against this security flaw (RARLAB Updates).