WinRAR security flaw opens users to remote attack just by unzipping files (Update: Not so fast)

Update: WinRAR has officially responded to the vulnerability by saying that “executable files are potentially dangerous by design” and that it would be easier for attackers to just bundle a malicious file.

Update 2: Malwarebytes says it’s not as bad as it first thought, and has redacted its post, saying the flaw only affects users who intentionally run any unzipped malware. Crisis averted!

WinRAR is a popular piece of software you’ve probably run into at least once in the past — a shareware app that helps you unzip RAR files — but a vulnerability discovered in the latest release could pose a serious problem for thousands of users.

According to a security report by Vulnerability Lab, the latest version of WinRAR can execute malicious code as you unzip an SFX archive — completely without your knowledge.

SFX (self-extracting) archives are a specific kind of RAR file that’s commonly wrapped around pirated software to help install files in the right directory or provide instructions to users as they unzip the files.

The proof of concept code allows the attacker to exploit the HTML instruction view shown in the installer to download an executable from the internet, then run that on the user’s system without their knowledge.

Malwarebytes confirmed the vulnerability’s existence, noting that it hasn’t been patched and only requires “trivial” modifications to the proof of concept code to attack users. It’s unclear how many users are affected by the exploit, though WinRAR proudly claims 500 million users on its site.



