Latest Version of WinRAR Plagued by Dangerous Security Bug

Status
Not open for further replies.

frogboy

WinRAR 5.21 affected by remote code execution vulnerability

WinRAR, the popular file compression and decompression utility, has a security vulnerability that allows attackers to remotely execute code on the user's computer when opening an SFX (Self-extracting archive) file.
The bug was discovered by Mohammad Reza Espargham from Vulnerability Lab, and was also reproduced by Pieter Arntz from Malwarebytes.
According to the vulnerability disclosure details, the bug only affects the latest version, 5.21, and can be used by any attacker crafty enough to place malicious HTML code inside the "Text to display in SFX window" section when creating a new SFX file.
After sending the archive to a victim, whenever the file is launched, the malicious code is executed as well, and depending on the attacker's skill, it could lead to system, network or device compromise.
To exploit this vulnerability, attackers don't need special privileges on the targeted machine.

Full article: Latest Version of WinRAR Plagued by Dangerous Security Bug
 

XhenEd

All other things being equal, HMP.A and MBAE can defeat this exploit, right?
 

Enju

Executable files can contain malware? Never expected that! :D
Everyone switching to other software isn't getting any additional security, since this exploit is based on the self-extracting archives of WinRAR, which are .exe files. It doesn't even matter if WinRAR fixes this bug or not because this version has already gotten into circulation.
 

Kantry123

Sweet Lord
I've shifted to 7zip for the past few years..

Also, recently Igor has added support for RAR5... That was the only extra feature WinRAR had... so now there's no need to go back to WinRAR anymore.

Regards
 

Solarlynx

I stay with WinRAR 5.21 and don't care about this exploit. Anyway, I don't run any SFX from any archivers on my PC. Moreover, I believe the exploit can be stopped by HIPS and FW if they are properly tuned.

Then, as I see it, you don't need WinRAR at all to run this SFX. It's the hacker who needs WinRAR to create a malicious SFX. So if you have WinRAR you are not insecure. You are insecure if you run this malicious SFX file, which is actually true for all other archivers.

Cheers!
 