DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 19, 2019 
Main Menu
News archives

Who's Online
There are currently 143 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

WinRAR self-extracting archive bug could allow remote code execution

Posted on Thursday, October 01 2015 @ 13:16:52 CEST by

Security researcher Mohammed Reza Espargham warns WinRAR 5.21 contains a bug in the way it handles self-extracting archives. The vulnerability allows an attacker to insert execute code on your computer of siphon off data. The issue only affects self-extracting archives, those are pretty rare and could be just as dangerous as an .exe file anyway so the issue shouldn't have a major impact.
A bug in the way that WinRAR handles the "Text and Icon" functionality for self-executing archives lets attackers add malicious code to be executed when the user simply clicks to open it—without ever needing to begin extracting the files. The exploit code can access any data and perform any operations the current user can, which is especially dangerous if the user is an administrator. A victim could receive a legit-looking archive (or even an empty one) that silently sets up an exploit in the background or steals data when it's executed.

Source: The Tech Report



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba