WinRAR Vulnerability Opens Up Users To Remote Code Execution

Status
Not open for further replies.

Vistouf

Well, at least you linked to WinRAR's response. But still, why didn't you report that their reply amounts to "it's not a bug, it's a feature"? Heck, they even gave MORE ways to silently run an executable from an SFX archive!

Your article is disappointingly misleading.
 

sergeyn

Can anyone explain why this is considered a vulnerability?

If I understand correctly - a hacker creates an executable which can download and run another executable which will require admin rights when run by the end user??? In addition, a hacker needs to find such an end user who doesn't ask himself "why does a self-extracting archive file want to modify my system" and blindly presses "yes" when UAC pops????

And all this bullshit about "the way windows security works"...
"The way Windows security works (for legacy programs) is that if a user wants to open or install something, then that file would essentially get access to the whole system anyway, and it's not further restricted in a significant way besides the initial UAC/Administrator prompt"
Okay - I open a lot of "something" every day, Windows Paint and Calculator are among them, and I don't get a UAC prompt - is my system broken?
I also wonder why people don't complain that on Linux/Unix applications are not further restricted in a significant way besides the initial root access?

(Edits: grammar)
 

diddo

Seems more of an EXE format fault (allowing code to execute where icon and text data should be, as per the vulnerability description) rather than a WinRAR vulnerability. Anyway, it is quite worrying to know your software can be associated with an easy way to create forged EXEs with hidden executable instructions where data should be.
The 7-Zip and PeaZip SFX procedures, while more spartan, seem not to have this issue; I'll not be surprised if it is unique to WinRAR's procedure for building self-extracting archives.
 

bloc97

The problem with this isn't the EXE, it's the EXE that is downloaded afterwards. You already gave permission to modify your system, so anyone who wants to bypass the antivirus easily could use WinRAR. Antiviruses do not detect this vulnerability and do not warn the user of a potential virus. Either treat WinRAR as a virus or patch the vulnerability, simple.
 