This article was published on September 30, 2015

    WinRAR security flaw opens users to remote attack just by unzipping files Update: Not so fast

    Story by Owen Williams, former TNW employee

    Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their words friendlier. In his spare time he codes, writes newsletters and cycles around the city.

    Update: WinRAR has officially responded to the vulnerability by saying that “executable files are potentially dangerous by design” and that it would be easier for attackers to just bundle a malicious file.

    Update 2: Malwarebytes says it’s not as bad as it first thought, and has redacted its post, saying the flaw only affects users who intentionally run any unzipped malware. Crisis averted!

    WinRAR is a popular piece of software you’ve probably run into at least once in the past — a shareware app that helps you unzip RAR files — but a vulnerability discovered in the latest release could pose a serious problem for thousands of users.

    According to a security report by Vulnerability Lab, the latest version of WinRAR can execute malicious code as you unzip an SFX archive — completely without your knowledge.

    SFX archives are a specific kind of RAR file that’s commonly wrapped around pirated software to help install files in the right directory or provide instructions to users as they unzip the files.

    The proof of concept code allows the attacker to exploit the HTML instruction view shown in the installer to download an executable from the internet, then run that on the user’s system without their knowledge.

    Malwarebytes confirmed the vulnerability’s existence, noting that it hasn’t been patched and only requires “trivial” modifications to the proof of concept code to attack users. It’s unclear how many users are affected by the exploit, though WinRAR proudly claims 500 million users on its site.

    WinRAR remote code execution vulnerability [SECLISTS]
