Critical Vulnerability Found in WinRAR Could Affect Millions of Users

By Manish Singh | Updated: 30 September 2015 18:58 IST

A security vulnerability has been found in WinRAR, a file archiver and compressor utility for Windows that is estimated to be used by more than half a billion users. The vulnerability, if exploited, allows remote attackers to execute system-specific code to compromise a computer.

A proof-of-concept exploit for WinRAR SFX v5.21 has been published. Iranian researcher Mohammad Reza Espargham reported the vulnerability to Full Disclosure, a popular forum for disclosure of security information. "The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," he said.

The vulnerability is said to affect all versions of WinRAR SFX, making its users extremely prone to attacks. Security firm MalwareBytes has independently confirmed the existence of the critical vulnerability in the application.

The vulnerability, if exploited, allows a remote attacker to execute malicious code when a victim tries to unzip an SFX archive file, a type of RAR file that is often used to safeguard executable files. "Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive," writes MalwareBytes.


What makes the vulnerability, which has been flagged as critical, even more alarming is that it requires very little user interaction. If the affected file is opened, the malware could compromise the device or network. As of now, the vulnerability is yet to be patched.

That is why you should be extra careful when handling any SFX archive, and probably not open an SFX file that you have received from an untrusted source. This is a good rule to follow for any file on the Internet, of course, and even more so for self-executing files like exe and SFX. WinRAR developer RAR Labs has in the meantime responded to the issue, saying, "Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."

 
