
This article was published on September 30, 2015

WinRAR security flaw opens users to remote attack just by unzipping files Update: Not so fast



Update: WinRAR has officially responded to the vulnerability by saying that “executable files are potentially dangerous by design” and that it would be easier for attackers to just bundle a malicious file.

Update 2: Malwarebytes says it’s not as bad as it first thought, and has redacted its post, saying the flaw only affects users who intentionally run any unzipped malware. Crisis averted!

WinRAR is a popular piece of software you’ve probably run into at least once in the past — a shareware app that helps you unzip RAR files — but a vulnerability discovered in the latest release could pose a serious problem for thousands of users.

According to a security report by Vulnerability Lab, the latest version of WinRAR can execute malicious code as you unzip an SFX archive — completely without your knowledge.


SFX archives are a specific kind of RAR file that’s commonly wrapped around pirated software to help install files in the right directory or provide instructions to users as they unzip the files.

The proof of concept code allows the attacker to exploit the HTML instruction view shown in the installer to download an executable from the internet, then run that on the user’s system without their knowledge.

Malwarebytes confirmed the vulnerability’s existence, noting that it hasn’t been patched and only requires “trivial” modifications to the proof of concept code to attack users. It’s unclear how many users are affected by the exploit, though WinRAR proudly claims 500 million users on its site.

WinRAR remote code execution vulnerability [SECLISTS]

Image credit: Shutterstock
