DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 17, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 175 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

WinRAR self-extracting archive bug could allow remote code execution

Posted on Thursday, October 01 2015 @ 13:16:52 CEST by


Security researcher Mohammed Reza Espargham warns WinRAR 5.21 contains a bug in the way it handles self-extracting archives. The vulnerability allows an attacker to insert execute code on your computer of siphon off data. The issue only affects self-extracting archives, those are pretty rare and could be just as dangerous as an .exe file anyway so the issue shouldn't have a major impact.
A bug in the way that WinRAR handles the "Text and Icon" functionality for self-executing archives lets attackers add malicious code to be executed when the user simply clicks to open it—without ever needing to begin extracting the files. The exploit code can access any data and perform any operations the current user can, which is especially dangerous if the user is an administrator. A victim could receive a legit-looking archive (or even an empty one) that silently sets up an exploit in the background or steals data when it's executed.


Source: The Tech Report



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba