WinRAR Critical Vulnerability Discovered
According to new reports, the popular unzipping tool contains an unpatched, critical remote code execution flaw.
Iranian researcher Mohammad Reza Espargham found that it was possible to use WinRAR SFX 2.51 to add malicious payloads that would execute when users decompress archives.
The stable version of WinRAR 5.21 for Windows is vulnerable to a remote code execution (RCE) flaw.
He said that the risk posed by this flaw was “critical” and assigned it a CVSS (Common Vulnerability Scoring System) score of 9.2. Because all that’s required to execute the attack is the victim opening the file, this vulnerability is considered critical. It would be just as easy for attackers to bundle a malicious executable instead of using the SFX archive.
As soon as the user clicks on a compromised SFX file, it starts running, giving users no chance to identify or verify whether the compressed executable file is a genuine WinRAR SFX module or a compromised one.
Arntz said the code needed “trivial” changes before his firm got the exploit to work, but he said that this may be down to a version conflict in Perl. “It is useless to search for supposed vulnerabilities in SFX module or to fix such vulnerabilities, because as any exe file, SFX archive is potentially risky for user’s computer by design”.
A “malicious hacker can take any executable, prepend it to archive and distribute to users”. As for any exe file, users must run SFX archives only if they are sure that such archive is received from a trustworthy source.
With such vulnerabilities, users should be more vigilant about malware-disguised files that could be downloaded on their systems and mobile devices. “This issue is even encountered with security software which itself can actually introduce security issues by introducing its own vulnerabilities (as proven recently in the media)”, he said. This could lead to not only your computer being compromised, but potentially also your network.
A statement about the vulnerability was also released on the Malwarebytes blog, confirming the serious vulnerability in WinRAR SFX. As of now, the vulnerability is yet to be patched. “Unfortunately no patch is now available so self extracting archive files received through any means should be opened with caution”.
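Because an SFX file is an ordinary executable with archive data attached, it can be recognised and triaged without being run. The Python code below is an added example, not code from the researcher, the WinRAR developers or Malwarebytes: it parses the PE headers to find where the on-disk sections end and looks for a RAR signature in the trailing data. The function names are illustrative, and `make_sample` builds a constructed test file rather than a real SFX module.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"      # RAR 1.5-4.x archive signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"  # RAR 5.x archive signature

def pe_overlay_offset(data):
    """Offset where the PE's on-disk sections end, or None if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size           # first section header
    end = table + 40 * nsections               # end of the section table
    if end > len(data):
        return None
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def classify(data):
    """Return 'not-pe', 'pe', 'rar4-sfx' or 'rar5-sfx' without executing anything."""
    overlay = pe_overlay_offset(data)
    if overlay is None:
        return "not-pe"
    tail = data[overlay:]                      # only data appended after the image
    if RAR5_MAGIC in tail:
        return "rar5-sfx"
    if RAR4_MAGIC in tail:
        return "rar4-sfx"
    return "pe"

def make_sample(overlay=b""):
    """Constructed minimal PE (one 16-byte section at 0x100) plus optional overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = b".text\0\0\0" + struct.pack("<IIII", 16, 0x1000, 16, 0x100) + b"\0" * 16
    image = (dos + coff + section).ljust(0x100, b"\0") + b"\x90" * 16
    return image + overlay

if __name__ == "__main__":
    print(classify(make_sample(RAR5_MAGIC + b"constructed")))
    print(classify(make_sample()))
```

A file classified as an SFX can then be opened and inspected with an archiver instead of being executed.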