WinRAR SFX archive bug could put 500 million users in danger

— 4:51 PM on September 30, 2015

Are you one of the roughly 500 million people using WinRAR? Best be careful with the archives you open. Security researcher Mohammed Reza Espargham has discovered a flaw in the way WinRAR version 5.21 handles self-extracting archives. The vulnerability makes way for attacks like remote code execution and data siphoning. You can check out a video of the exploit in action:

A bug in the way that WinRAR handles the "Text and Icon" functionality for self-executing archives lets attackers add malicious code to be executed when the user simply clicks to open it—without ever needing to begin extracting the files. The exploit code can access any data and perform any operations the current user can, which is especially dangerous if the user is an administrator.  A victim could receive a legit-looking archive (or even an empty one) that silently sets up an exploit in the background or steals data when it's executed.

The bug scores 9.2, or "Critical," on the CVSS scale. However, WinRAR's developer Rarlab downplays the vulnerability. The developer says a self-executing archive is an executable in itself (something that requires careful handling to begin with). Rarlab says that a malicious attacker can achieve the same results by using other WinRAR self-extracting archive features, too.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.