Skip to main content
Critical Vulnerability Found in WinRAR Could Affect Millions of Users

A security vulnerability has been found in WinRAR, a file archiver and compressor utility for Windowsthat is estimated to be used by more than half a billion users. The vulnerability, if exploited, allows remote attackers to execute system specific code to compromise a computer.
A proof-of-concept exploit for WinRAR SFX v5.21 has been published. Iranian researcher Mohammad Reza Espargham reported the vulnerability to Full Disclosure, a popular forum for disclosure of security information. "The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," he said.
The vulnerability is said to affect all versions of WinRAR SFX, making its users extremely prone to attacks. Security firm MalwareBytes has independently confirmed the existence of the critical vulnerability in the said application.
The vulnerability, if exploited, allows a remote attacker to execute malicious code when a victim tries to unzip an SFX archive file, a type of RAR file that is often used to safeguard executable files. "Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive," writes MalwareBytes.
What makes the vulnerability, which has been flagged as critical, even more alarming is the fact that it requires very low user interaction. If the affected file is open, the malware could compromise the device or network. As of now, the vulnerability is yet to be patched.
Which is why you should be extra careful while handling any SFX archive, and probably not open an SFX file that you have received from an untrusted source. This is a good rule to follow for any file on the Internet of course, and even more so for self-executing files like exe and SFX. WinRAR developer RAR Labs in the meantime has responded to the issue, and said, "Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."
Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Comments

Post a Comment

Popular posts from this blog

Problem: Date Formatting cannot be Changed in Microsoft Excel

In this article, we will learn how to change the date formatting. We will use “Text to Column” wizard to resolve the problem of change the date formatting in Microsoft Excel. Let’s understand the functions: - Text to Column:  “Text to Column” is used for separating the cell content which is depending on the way your data is arranged. You can divide the data on the basis of content in the cell such as space, comma, period, semicolon, etc. Let’s take an example and understand how we can convert the date into Text. We have dates, foramatted as text in column A. Now, we want to convert it into date format.     If we want to convert the formatting into numbers, then we need to follow below given steps:- Select the range A2:A11. Go to Data tab, and click on Text to Columns from the Data tools group.     Covert Text to Columns Wizard – Step1 of 3 dialog box will appear. Select fixed width, and click on Next button.     Skip step-2, and...
Post a Comment
Read more
What is ssh? SSH , or Secure Shell, is a protocol used to securely log onto remote systems. It is the most common way to access remote Linux and Unix-like servers. ssh commands: If your username on the remote system is the same as your username on your local system:                               #ssh remote_host remote_host means ip address or domain name that you are trying to connect to. If your username is different on the remote system, you can specify it by using this syntax:                         #ssh remote_username@remote_host How to Set Up SSH on Linux systems Edit the configuration file of sshd #vim /etc/ssh/sshd_config It may be a good idea to change this to a non-standard port to help obscure your ...
Post a Comment
Read more