Jump to content
×
×
  • Create New...

Unpatched WinRAR Vulnerability Puts 500 Million Users At Risk


Ken

Recommended Posts

  • Moon
Beware Windows Users!
 
A new dangerous unpatched Zero-day Vulnerability has been detected in the latest version of WinRAR affects over millions of users worldwide.
 
According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw.
 
WinRAR is one of the most popular utility program used to compress and decompress files with more than 500 Million installations worldwide.
 
The WinRAR RCE vulnerability lie under the ‘High Severity’ block, and scores 9 on CVSS (Common Vulnerability Scoring System).
 

HOW WINRAR VULNERABILITY WORKS?

 
Let’s take a look at its actions.
 
The vulnerability can be used by any attacker smartly to insert a malicious HTML code inside the "Text to display in SFX window" section when the user is creating a new SFX file.
 
WinRAR SFX is an executable compressed file type containing one or more file and is capable of extracting the contents of its own.
 
According to proof-of-concept video published by Espargham, latest WinRAR vulnerability allows remote hackers to execute arbitrary code on a victim's computer when opening an SFX file (self-extracting file).
Successful Exploitation requires low user interaction, and results in compromising users’:
  • System
  • Network
  • Devic
The major disadvantage arises because of SFX files, as they start functioning as soon as the user clicks on them. Therefore, users cannot identify and verify if the compressed executable file is a genuine WinRAR SFX module or a harmful one.
 

NO PATCH YET AVAILABLE

 
Unfortunately, there is no patch yet available to fix this vulnerability. However, Windows users are advised to:
  • Use an alternate archiving software
  • Do not click files received from unknown sources
  • Use strict authentication methods to secure your system
As for any exe file, users must run SFX archives only if they are sure that such archive is received from a trustworthy source. SFX archive can silently run any exe file contained in an archive, and this is the official feature needed for software installers”, WinRAR developer team at RARLAB quoted.
  • Love 5

Do not be sorry, be better.

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.