WinRar Vulnerability Puts 500 Million Users at Risk
Posted by: Timothy Weaver on 10/02/2015 09:29 AM
[
Comments
]
Over half a billion users of the WinRAR file compression tool could be at risk of infecting their computers, thanks to a newly discovered flaw in the application.
WinRAR is one of the most popular utility program used to compress and decompress files with more than 500 Million installations worldwide.
Security researcher, Mohammad Reza Espargham, with Vulnerability-Lab, found that the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw. The flaw enables hackers to remotely execute system code and compromise victim's machines.
Rarlab, the firm behind WinRAR, said: "We can say that limiting SFX module HTML functionality would hurt only those legitimate users who need all HTML features, making absolutely no problem for a malicious person, who can use previous version SFX modules, custom modules built from UnRAR source code, their own code or archived executables for their purpose. We can only remind users once again to run .exe files, either SFX archives or not, only if they are received from a trustworthy source.”
Adam Schoeman, senior intelligence analyst at SecureData, said: "All an attacker needs to do is send a .zip or .rar file to a user and get them to open it. This is a pretty standard phishing tactic, which wouldn't normally require the user to execute a .exe file or exploit a vulnerability that can be patched.”
Source: HackerNews
WinRAR is one of the most popular utility program used to compress and decompress files with more than 500 Million installations worldwide.Security researcher, Mohammad Reza Espargham, with Vulnerability-Lab, found that the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw. The flaw enables hackers to remotely execute system code and compromise victim's machines.
Rarlab, the firm behind WinRAR, said: "We can say that limiting SFX module HTML functionality would hurt only those legitimate users who need all HTML features, making absolutely no problem for a malicious person, who can use previous version SFX modules, custom modules built from UnRAR source code, their own code or archived executables for their purpose. We can only remind users once again to run .exe files, either SFX archives or not, only if they are received from a trustworthy source.”
Adam Schoeman, senior intelligence analyst at SecureData, said: "All an attacker needs to do is send a .zip or .rar file to a user and get them to open it. This is a pretty standard phishing tactic, which wouldn't normally require the user to execute a .exe file or exploit a vulnerability that can be patched.”
Source: HackerNews
Comments
