WinRAR Vulnerability Opens Up Users To Remote Code Execution

[Lucian Armasu]

Vulnerability found in WinRAR SFX 5.21 and discovered by Vulnerability Lab, a vulnerability research company, allows attackers to take over systems remotely.

WinRAR Vulnerability Opens Up Users To Remote Code Execution : Read more

 

[Vistouf]

Well, at least you linked to WinRAR's response. But still, why didn't you report that their reply amounts to "it's not a bug, it's a feature"? Heck, they even gave MORE ways to silently run an executable from an SFX archive!

Your article is disappointingly misleading.

 

[firefoxx04]

Windows security never ceases to amaze me.

 

[sergeyn]

Can anyone explain why is this considered a vulnerability ?

If I understand correctly - a hacker creates an executable which can download and run another executable which will require admin rights when run by the end user ??? In addition a hacker needs to find such an end user who doesn't ask himself "why a does self-extracting archive file want to modify my system" and blindly presses "yes" when UAC pops ????

And all this bullshit about "the way windows security works"...

The way Windows security works (for legacy programs) is that if a user wants to open or install something, then that file would essentially get access to the whole system anyway, and it's not further restricted in a significant way besides the initial UAC/Administrator prompt

Okay - I open a lot of "something" every day, windows paint and calculator are one of them, and I don't get UAC prompt, - is my system broken ?
I also wonder why people don't complain that on linux/unix applications are not further restricted in a significant way besides the initial root access ?

(Edits: grammar)

 

[xchoice]

Setup=putty.exe
Silent
Overwrite
Path=puttyfolder

nice 🙂

 

[jonathan1683]

so clicking an exe file from someone can give you a virus ?! we are all screwed!

 

[diddo]

Seems more an exe format fault (allowing to execute code where icon and text data should be, as for the vulnerability description) rather than a WinRar vulnerability, anyway it is quite worrying to know your software can be associated to an easy way to create forged exe with hidden executable instructions where data should be.
7-Zip and PeaZip sfx procedure, while more spartan, seems not having this issue, I'll not be surprised if it is unique to WinRar's procedure in building the self-extraction archives.

 

[bloc97]

The problem with this isn't the EXE, its the exe that is downloaded afterwards. You already gave permission to modify your system, so anyone who wants to bypass the Anti-Virus easily could use WinRAR. Antiviruses do not detect this vulnerability and do not warn the user of an potential virus. Either treat WinRAR as a virus or patch the vulnerability, simple.