WinRaR SFX - Remote Code Execution

According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw.

The vulnerability can be used by any attacker smartly to insert a malicious HTML code inside the "Text to display in SFX window" section when the user is creating a new SFX file.
WinRAR SFX is an executable compressed file type containing one or more file and is capable of extracting the contents of its own.

According to proof-of-concept video published by Espargham, latest WinRAR vulnerability allows remote hackers to execute arbitrary code on a victim's computer when opening an SFX file (self-extracting file).

Successful Exploitation requires low user interaction, and results in compromising users’:
  • System
  • Network
  • Devic
The major disadvantage arises because of SFX files, as they start functioning as soon as the user clicks on them. Therefore, users cannot identify and verify if the compressed executable file is a genuine WinRAR SFX module or a harmful one.

Not yet Patched...

You may also want to read :

No comments

blogmytuts. Powered by Blogger.