Critical Vulnerability Found in WinRAR Could Affect Millions of Users

Advertisement
By Manish Singh | Updated: 30 September 2015 18:58 IST

A security vulnerability has been found in WinRAR, a file archiver and compressor utility for Windows that is estimated to be used by more than half a billion users. The vulnerability, if exploited, allows remote attackers to execute system specific code to compromise a computer.

A proof-of-concept exploit for WinRAR SFX v5.21 has been published. Iranian researcher Mohammad Reza Espargham reported the vulnerability to Full Disclosure, a popular forum for disclosure of security information. "The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," he said.

The vulnerability is said to affect all versions of WinRAR SFX, making its users extremely prone to attacks. Security firm MalwareBytes has independently confirmed the existence of the critical vulnerability in the said application.

Advertisement

The vulnerability, if exploited, allows a remote attacker to execute malicious code when a victim tries to unzip an SFX archive file, a type of RAR file that is often used to safeguard executable files. "Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive," writes MalwareBytes.

Advertisement

What makes the vulnerability, which has been flagged as critical, even more alarming is the fact that it requires very low user interaction. If the affected file is open, the malware could compromise the device or network. As of now, the vulnerability is yet to be patched.

Which is why you should be extra careful while handling any SFX archive, and probably not open an SFX file that you have received from an untrusted source. This is a good rule to follow for any file on the Internet of course, and even more so for self-executing files like exe and SFX. WinRAR developer RAR Labs in the meantime has responded to the issue, and said, "Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Apps, Laptops, Malware, Security, Vulnerability, WinRAR, Windows
cloudBuy Offers E-Commerce Platform for Indian Firms
Sony Xperia M2, Xperia M2 Aqua Now Receiving Android 5.1 Lollipop Update
Advertisement

Related Stories

Samsung Galaxy Phones, Devices Are Now Available via Instamart With 10-Minute Instant Delivery
5 December 2025
Apple Announces App Store Awards 2025 Winners; Top Apps Include Tiimo, Cyberpunk 2077: Ultimate Edition, and More
5 December 2025
Check Airtel Call History Using Airtel Thanks App: A Step-By-Step Guide
3 December 2025
Government Says Sanchar Saathi App Optional, Can Be Removed; Apple Reportedly Plans to Oppose Mandatory Installation
3 December 2025
Government Removes Sanchar Saathi Pre-Installation Mandate After Pushback
3 December 2025
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Cloudflare Is Down Again For the Second Time in Weeks: See Affected Sites
  2. ACT Fibernet Launches New Broadband Plans With Free OTT Subscriptions
  3. Motorola Edge 70 With Pantone's 2026 Colour, Swarovski Crystals Launched
  4. HMD 101, HMD 100 With Built-In Radio Launched in India at These Prices
  5. Nothing Phone 3a Lite Goes on Sale in India at This Price
  6. Instamart to Provide 10-Minute Delivery of Samsung Galaxy Devices
  7. Here's What India Searched For the Most on Google in 2025
  8. Realme 16 Pro+ 5G New Leak Reveals Storage and Colour Variants
  9. Flipkart Buy Buy 2025 Sale: Nothing Phone 3, Phone 3a Deals Revealed
  10. Realme Says It Will Launch Two New Narzo Smartphones in India Soon
#Latest Stories
  1. Google’s Year in Search 2025: Top Trending Topics in India—From Gemini to Squid Games
  2. Vivo S50 Colour Options, Key Features Surface Online; Could Launch in India as Vivo V70
  3. CFTC Clears Path for Spot Crypto Trading on Regulated Platforms for the First Time
  4. Realme 16 Pro+ 5G Colour Options, Memory Configurations Leaked Again; Tipped to Launch With 7,000mAh Battery
  5. Cloudflare Outage Blocks Access to Several Websites Including BookMyShow, SpaceX, Coinbase
  6. Samsung Galaxy S26 Series to Offer Built-In Support for Company's 25W Magnetic Qi2 Charger: Report
  7. Airtel Discontinues Two Prepaid Recharge Packs in India With Data Benefits, Free Airtel Xtreme Play Subscription
  8. Samsung Galaxy Phones, Devices Are Now Available via Instamart With 10-Minute Instant Delivery
  9. NotebookLM App Gets an In-Built Camera, Lets Users Upload Images as a Source
  10. HMD 101 Launched in India With 1,000mAh Battery, Auto Call Recording Alongside HMD 100: Price, Features
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.