The latest version of WinRAR has dangerous security flaws

WinRAR, the popular file compression program, has a security vulnerability that allows attackers to execute remote code on the user's computer when opening an SFX file (a self-extracting file).

winrar bug sfx

The error was discovered by Mohammad Reza Espargham from Vulnerability Lab, as well as by Pieter Arntz from Malwarebytes.

According to both reports, the bug affects only the latest version WinRAR, 5.21, and can be used by any attacker who manages to insert malicious HTML code into the "Text to display in SFX window" section when creating a new SFX file.

After sending the file to a victim, malicious code is executed each time the file starts, and depending on the attacker's ability, it could compromise the system, network, or simple device. The attackers do not need special privileges on the target machine to exploit this vulnerability.

Because RAR and SFX files are used on a daily basis by a number of users, hackers have a high chance of using this bug out there.

A video - proof of the vulnerability is the following by Mohammad Reza Espargham.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).