CVE-2024-36052: 
WinRAR vulnerability analysis and mitigation

RARLAB WinRAR before version 7.00, on Windows systems, contains a vulnerability that allows attackers to spoof screen output through ANSI escape sequences. This vulnerability, tracked as CVE-2024-36052, is distinct from CVE-2024-33899 and was discovered by security researcher Siddharth Dushantha. The vulnerability was patched in WinRAR version 7.00, released on February 28, 2024. It's important to note that only the console versions of RAR and UnRAR were affected, while the GUI version of WinRAR and the UnRAR library remained unimpacted (Medium Blog, Security Online).

The vulnerability stems from the improper neutralization of escape, meta, or control sequences (CWE-150) in WinRAR's console versions. The issue allows attackers to inject ANSI escape sequences into archive comments, which can then be used to manipulate the terminal output. ANSI escape sequences are special codes used to control text formatting, colors, and cursor positioning in terminals. The vulnerability has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

The primary impact of this vulnerability is the ability for attackers to spoof screen output, potentially deceiving users about the contents of archive files. For example, attackers could create fake file listings by injecting malicious ANSI codes into archive comments, potentially tricking users into opening harmful files disguised as harmless ones (Medium Blog).

The vulnerability has been patched in WinRAR version 7.00. Users are strongly advised to update to this version or later to protect against potential attacks. In version 7.00, RARLAB implemented security measures to filter out character 27 from screen output, which is used to declare ANSI escape control sequences (RARLAB).