A leak in the popular WinRAR software makes more than 500 miljoen users vulnerable an attack that allows cybercriminals to fully take control over the computer. The affected vulnerability makes it possible that malicious code can be executed when opening self-extracting (SFX) ZIP or RAR files.
Security researcher Mohammad Reza Espargham posted his findings on the Full Disclosure website which rated the security risk as high. Code hidden in compressed files can abuse a shortcoming in the software. Espargham writes about this, "The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module. Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise. The attackers saved in the SFX archive input the malicious generated html code. Thus results in a system specific code execution when a target user or system is processing to open the compressed archive."
Espargham has also written a Proof of Concept to demonstrate the vulnerability which according to Malwarebytes researcher Pieter Antz requires some small modifications but is able to exploit the leak in WinRAR.
According to the developers of WinRAR, Rarlab, the self-extracting compressed files, "are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."
