WinRAR: The wrong way of answering to a critical vulnerability

With over 500 million users worldwide, WinRAR is by far the most popular compression program.
An independent security lab found a remote code execution vulnerability in the official WinRAR SFX v5.21 software.

The vulnerability allows remote attackers to execute system-specific code without authorization and compromise a target system.

The issue is located in the Text and Icon function of the "Text to display in SFX window" module. Remote attackers are able to craft their own compressed archives with malicious payloads that execute system-specific code to compromise the system. The security risk of the code execution vulnerability is rated as critical, with a CVSS (Common Vulnerability Scoring System) score of 9.2.

Exploitation of the code execution vulnerability requires only low user interaction (opening the file) and works without a privileged system account or a restricted user account. Successful exploitation of the remote code execution vulnerability in the WinRAR SFX software results in system, network or device compromise.

In simple words: the attack abuses the option to write HTML code into the text display window when creating an SFX archive.


ZDNet contacted the creators of the software, Rar Labs, and the answer left me baffled: they explained to ZDNet that, as SFX archives can run contained executable files — which is required by installers — any SFX archive is potentially dangerous for users.

WinRAR said in a statement:

“We can say that limiting SFX module HTML functionality would hurt only those legitimate users, who need all HTML features, making absolutely no problem for a malicious person, who can use previous version SFX modules, custom modules built from UnRAR source code, their own code or archived executables for their purpose. We can only remind users once again to run .exe files, either SFX archives or not, only if they are received from a trustworthy source.”

So, don’t run SFX archives that you don’t know or trust. I couldn’t agree more with this statement. But this should be added just as a precaution, not as the solution.


Recommended solution:

Go to Control Panel -> Programs and Features -> select WinRAR and click Uninstall.


Download 7-Zip from here for free.


© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

