Critical Vulnerability Found in WinRAR Could Affect Millions of Users



A security vulnerability has been found in WinRAR, a file archiver and compressor utility for Windows that is estimated to be used by more than half a billion users. The vulnerability, if exploited, allows remote attackers to execute system specific code to compromise a computer.
A proof-of-concept exploit for WinRAR SFX v5.21 has been published. Iranian researcher Mohammad Reza Espargham reported the vulnerability to Full Disclosure, a popular forum for disclosure of security information. "The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," he said.
The vulnerability is said to affect all versions of WinRAR SFX, making its users extremely prone to attacks. Security firm MalwareBytes has independently confirmed the existence of the critical vulnerability in the said application.
The vulnerability, if exploited, allows a remote attacker to execute malicious code when a victim tries to unzip an SFX archive file, a type of RAR file that is often used to safeguard executable files. "Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive," writes MalwareBytes.
What makes the vulnerability, which has been flagged as critical, even more alarming is the fact that it requires very low user interaction. If the affected file is open, the malware could compromise the device or network. As of now, the vulnerability is yet to be patched.
For this reason, you should be extra careful while handling any SFX archive, and probably not open an SFX file that you have received from an untrusted source. This is a good rule to follow for any file on the Internet of course, and even more so for self-executing files like exe and SFX. WinRAR developer RAR Labs in the meantime has responded to the issue, and said, "Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."
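One way to act on that advice at a mail gateway or download folder is to flag executables that carry an embedded RAR archive before anyone opens them. The following is an added example, not code from the article, the researcher or RAR Labs; the function names and the sample bytes are constructed for illustration, and the check is a heuristic that relies only on the public PE header layout and RAR archive markers.

```python
import struct
from typing import Optional, Tuple

# Public RAR archive markers (RAR 4.x and RAR 5.x formats).
RAR_MARKERS = ((b"Rar!\x1a\x07\x00", "RAR4"), (b"Rar!\x1a\x07\x01\x00", "RAR5"))


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_rar_marker(data: bytes) -> Optional[Tuple[int, str]]:
    """Return (offset, format) of the earliest RAR marker, or None."""
    hits = []
    for marker, name in RAR_MARKERS:
        pos = data.find(marker)
        if pos != -1:
            hits.append((pos, name))
    return min(hits) if hits else None


def classify(data: bytes) -> str:
    """'sfx' = PE stub followed by a RAR archive, 'rar' = plain archive, else 'other'."""
    hit = find_rar_marker(data)
    if hit is None:
        return "other"
    if hit[0] == 0:
        return "rar"
    # Heuristic: any PE that merely contains the marker bytes is also flagged.
    return "sfx" if is_pe(data) else "other"


# Constructed sample bytes: a minimal PE header, then an archive marker.
STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 60
SAMPLE_SFX4 = STUB + RAR_MARKERS[0][0] + b"constructed-archive-body"
SAMPLE_SFX5 = STUB + RAR_MARKERS[1][0] + b"constructed-archive-body"
SAMPLE_RAR5 = RAR_MARKERS[1][0] + b"constructed-archive-body"

if __name__ == "__main__":
    for label, blob in (("sfx4", SAMPLE_SFX4), ("sfx5", SAMPLE_SFX5),
                        ("rar5", SAMPLE_RAR5), ("plain exe", STUB)):
        print(label, "->", classify(blob))
```

Files classified as `sfx` can be quarantined or routed for review instead of being delivered as ordinary attachments.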