WinRAR: The wrong way of answering to a critical vulnerability

With over 500 million users worldwide, WinRAR is by far the most popular compression program. An independent security lab found a remote code execution vulnerability in the official WInRAR SFX v5.21 software. The vulnerability allows remote attackers to unauthorized execute system specific code to compromise a target system. The issue is located in the Text and Icon function of the Text to display in SFX window module.  Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise. The security risk of the code execution vulnerability is estimated as critical with a CVSS(common vulnerability scoring system) count of 9.2. Exploitation of the code execution vulnerability requires low user interaction (open file) without privilege system or restricted user accounts. Successful exploitation of the remote code execution vulnerability in the WinRAR SFX software results in system, network or device compromise. Simple words: Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive.   ZDNet contacted the creators of the software, Rar Labs and the answer left me baffled when they explained ZDNet that as SFX archives can run contained executable files — and is required by installers —…

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.