WinRAR: The wrong way of responding to a critical vulnerability

With over 500 million users worldwide, WinRAR is by far the most popular compression program.
An independent security lab found a remote code execution vulnerability in the official WinRAR SFX v5.21 software.

The vulnerability allows remote attackers to execute system-specific code without authorization and thereby compromise a target system.

The issue is located in the "Text and icon" function of the "Text to display in SFX window" module. Remote attackers are able to generate their own compressed archives carrying malicious payloads that execute system-specific code on the victim's machine. The security risk of the code execution vulnerability is rated critical, with a CVSS (Common Vulnerability Scoring System) score of 9.2.

Exploitation of the code execution vulnerability requires only low user interaction (opening the file) and neither a privileged system account nor a restricted user account. Successful exploitation of the remote code execution vulnerability in the WinRAR SFX software results in system, network or device compromise.

In simple words: the attack abuses the option to write HTML code into the text display window when creating an SFX archive.
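As an added illustration of the defensive side of this point (this is my own example code, not the advisory's, not ZDNet's and not anything from Rar Labs), the heuristic below looks at an executable, decides whether it is an SFX archive (a PE file with an embedded RAR archive, recognised by the RAR signature bytes) and flags HTML constructs that have no business appearing in a "text to display" field, such as script or iframe tags, inline JavaScript URLs or event-handler attributes. The HTML pattern list is my assumption, and the sample "archive" is constructed in the code: it places the comment text directly after the RAR signature as a simplification, whereas a real archive stores it inside RAR header structures that this heuristic does not parse. Treat a hit as a reason to quarantine and inspect the file, not as proof of anything.

```python
import re
from typing import Dict, List

# Signatures: DOS/PE stub magic and the RAR archive markers.
MZ_MAGIC = b"MZ"
RAR4_SIG = b"Rar!\x1a\x07\x00"      # RAR 1.5 - 4.x archives
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"  # RAR 5.x archives

# HTML constructs that should not appear in an SFX display-text field.
# Heuristic list (my assumption), deliberately narrow to limit false positives.
HTML_PATTERNS = [
    rb"<\s*script\b",
    rb"<\s*iframe\b",
    rb"<\s*object\b",
    rb"<\s*embed\b",
    rb"<\s*meta\s+http-equiv",
    rb"javascript\s*:",
    rb"\bon(load|error|click|mouseover)\s*=",
]


def find_rar_payload(data: bytes) -> int:
    """Return the offset of the first RAR signature in the blob, or -1 if none."""
    hits = [i for i in (data.find(RAR4_SIG), data.find(RAR5_SIG)) if i >= 0]
    return min(hits) if hits else -1


def inspect_sfx(data: bytes) -> Dict[str, object]:
    """Classify a file blob: is it a PE, is it an SFX (PE + embedded RAR),
    and does the embedded archive region contain HTML constructs?"""
    rar_off = find_rar_payload(data)
    is_pe = data[:2] == MZ_MAGIC
    # An SFX is a PE stub with the archive appended, so the RAR signature
    # must sit after offset 0; a bare .rar file starts with the signature.
    is_sfx = is_pe and rar_off > 0
    region = data[rar_off:] if rar_off >= 0 else b""
    html_hits: List[str] = []
    for pat in HTML_PATTERNS:
        m = re.search(pat, region, re.IGNORECASE)
        if m:
            html_hits.append(m.group(0).decode("latin-1"))
    return {
        "is_pe": is_pe,
        "is_sfx": is_sfx,
        "rar_offset": rar_off,
        "html_hits": html_hits,
        "suspicious": is_sfx and bool(html_hits),
    }


def build_sample(comment: bytes) -> bytes:
    """Constructed test blob, NOT a real SFX: a DOS-stub-like prefix, padding,
    a RAR4 signature and a 'Text=' comment line (the SFX script command that
    carries the display text). Real header layout is not reproduced."""
    stub = MZ_MAGIC + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"
    return stub + b"\x00" * 16 + RAR4_SIG + b"\x00" * 8 + b"Text=" + comment


if __name__ == "__main__":
    benign = build_sample(b"Welcome to the installer")
    hostile = build_sample(b"<script></script>")
    for name, blob in (("benign", benign), ("hostile", hostile)):
        print(name, inspect_sfx(blob))
```

On a real system you would feed `inspect_sfx` the bytes of each inbound `.exe` (for example from a mail gateway or a download directory) and route anything with `suspicious` set to a sandbox or analyst queue. Because the check is a byte-level heuristic, a compressed or encrypted comment block will evade it; it is a cheap first filter, not a replacement for keeping the SFX module patched or for the uninstall advice below.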


ZDNet contacted the creators of the software, Rar Labs, and their answer left me baffled: they explained to ZDNet that, since SFX archives can run the executable files they contain (a capability that installers require), any SFX archive is potentially dangerous for users.

WinRAR said in a statement:

“We can say that limiting SFX module HTML functionality would hurt only those legitimate users, who need all HTML features, making absolutely no problem for a malicious person, who can use previous version SFX modules, custom modules built from UnRAR source code, their own code or archived executables for their purpose. We can only remind users once again to run .exe files, either SFX archives or not, only if they are received from a trustworthy source.”

So, don’t run SFX archives that you don’t know or trust. I couldn’t agree more with this statement. But it should be offered only as a precaution, not as the solution.


Recommended solution:

Go to Control Panel -> Programs and Features -> select WinRAR and click Uninstall.

Download 7-Zip, which is free.

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry for over 20 years and worked from 2003 to 2014 for Avira as Product Manager for its well-known products used by over 100 million users worldwide. Today he is CEO and owner of Endpoint Cybersecurity GmbH, focusing on cybersecurity, secure software development and security for IoT and automotive. He also runs his personal blog, Sorin Mustaca on Cybersecurity, and is the author of the free eBook Improve your security.