Critical Vulnerability Found in WinRAR Could Affect Millions of Users



A security vulnerability has been found in WinRAR, a file archiver and compressor utility for Windows that is estimated to be used by more than half a billion users. The vulnerability, if exploited, allows remote attackers to execute system specific code to compromise a computer.
A proof-of-concept exploit for WinRAR SFX v5.21 has been published. Iranian researcher Mohammad Reza Espargham reported the vulnerability to Full Disclosure, a popular forum for disclosure of security information. "The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," he said.
The vulnerability is said to affect all versions of WinRAR SFX, making its users extremely prone to attacks. Security firm MalwareBytes has independently confirmed the existence of the critical vulnerability in the said application.
The vulnerability, if exploited, allows a remote attacker to execute malicious code when a victim tries to unzip an SFX archive file, a type of RAR file that is often used to safeguard executable files. "Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive," writes MalwareBytes.
What makes the vulnerability, which has been flagged as critical, even more alarming is that it requires very little user interaction. If the affected file is opened, the malware could compromise the device or network. As of now, the vulnerability has yet to be patched.
That is why you should be extra careful while handling any SFX archive, and should probably not open an SFX file that you have received from an untrusted source. This is a good rule to follow for any file on the Internet, of course, and even more so for self-executing files like exe and SFX. WinRAR developer RAR Labs has meanwhile responded to the issue, saying, "Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."