Skip to main content
Critical Vulnerability Found in WinRAR Could Affect Millions of Users



A security vulnerability has been found in WinRAR, a file archiver and compressor utility for Windowsthat is estimated to be used by more than half a billion users. The vulnerability, if exploited, allows remote attackers to execute system specific code to compromise a computer.
A proof-of-concept exploit for WinRAR SFX v5.21 has been published. Iranian researcher Mohammad Reza Espargham reported the vulnerability to Full Disclosure, a popular forum for disclosure of security information. "The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," he said.
The vulnerability is said to affect all versions of WinRAR SFX, making its users extremely prone to attacks. Security firm MalwareBytes has independently confirmed the existence of the critical vulnerability in the said application.
The vulnerability, if exploited, allows a remote attacker to execute malicious code when a victim tries to unzip an SFX archive file, a type of RAR file that is often used to safeguard executable files. "Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive," writes MalwareBytes.
What makes the vulnerability, which has been flagged as critical, even more alarming is the fact that it requires very low user interaction. If the affected file is open, the malware could compromise the device or network. As of now, the vulnerability is yet to be patched.
Which is why you should be extra careful while handling any SFX archive, and probably not open an SFX file that you have received from an untrusted source. This is a good rule to follow for any file on the Internet of course, and even more so for self-executing files like exe and SFX. WinRAR developer RAR Labs in the meantime has responded to the issue, and said, "Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."
Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Comments

Popular posts from this blog

How to find and remove duplicate files from PC uplicate files can cause all kinds of problems on your computer, taking up precious storage room, confusing your photo or media manager apps, and generally getting in the way of searches and other operations when you'd rather they didn't. You don't have to accept duplicate files as an inevitability of running a PC, though: Here's how to get rid of them. Duplicate files can crop up for all kinds of reasons: Maybe you downloaded a file, forgot it was there, and then downloaded it again; maybe you copied a folder of images and then never got around to getting rid of the originals. Whatever the reason, they clog up your disk space and shouldn't be left to gather dust. For the purposes of this guide we're going to use DupeGuru-it's Lifehacker's pick as the best duplicate file finder for Windows, and it's available for Mac and Linux as well. If you're not taken with DupeGuru, then some of the best al...

Gmail Automation

Gmail Automation: 5 Useful Google Scripts to Automate Your Gmail 1. Auto delete emails after X number of days Very often, after we read the email, we will just keep it in our inbox, regardless whether it is useful or not. While Google gives you tons of space to store your emails, you might still want to clean up your inbox and get rid of those useless emails. The following script can check emails with the “Delete Me” label and delete them after “x” number of days. 1. Go to  Google Scripts  and create a blank project (make sure you are logged into your Google account). Paste the following script and save it. function auto_delete_mails ( ) { var label = GmailApp.getUserLabelByName ( "Delete Me" ) ; if ( label == null ) { GmailApp.createLabel ( 'Delete Me' ) ; } else { var delayDays = 2 // Enter # of days before messages are moved to trash var maxDate = new Date ( ) ; maxDate.setDate ( maxDate.getDate ( ) -delay...

iPhone 7 and iPhone 7 Plus review: The best iPhones Apple has made

iPhone 7 and iPhone 7 Plus review: The best iPhones Apple has made 's tough meeting expectations years after year. And yet, Apple keeps doing it, although no longer as effortlessly as it would do earlier in this decade. The company launched the iPhone 7 and the iPhone 7 Plus on October 7 in the Indian market, a month after the global announcement of the two phones. These are the phones that look like incremental update to the iPhone 6S and the iPhone 6S Plus. But looks can be deceiving. And they surely are in this case. Of late, the iPhone is facing tough challenge from others in the market. The Galaxy S7 arguably has a better design. The Samsung phone also has better screen and, in most cases, better camera. Google's Nexus phones have better software. The HTC offers better sound in its high-end phones. The Sony phones are waterproof. All of this puts the iPhone at a back-foot. The good thing is that Apple knows these challenges and is meeting them head-on with t...