WinRAR self-extracting archive bug could allow remote code execution

Posted on Thursday, Oct 01 2015 @ 13:16 CEST by Thomas De Maesschalck
Security researcher Mohammed Reza Espargham warns that WinRAR 5.21 contains a bug in the way it handles self-extracting archives. The vulnerability allows an attacker to insert and execute code on your computer or siphon off data. The issue only affects self-extracting archives; those are pretty rare and could be just as dangerous as an .exe file anyway, so the issue shouldn't have a major impact.
A bug in the way that WinRAR handles the "Text and Icon" functionality for self-executing archives lets attackers add malicious code to be executed when the user simply clicks to open it—without ever needing to begin extracting the files. The exploit code can access any data and perform any operations the current user can, which is especially dangerous if the user is an administrator. A victim could receive a legit-looking archive (or even an empty one) that silently sets up an exploit in the background or steals data when it's executed.

Source: The Tech Report
