WinRAR, the popular file compression and decompression utility, has a security vulnerability that allows attackers to remotely execute code on the user’s computer when opening an SFX (Self-extracting archive) file.
The bug was discovered by Mohammad Reza Espargham from Vulnerability Lab, and was also reproduced by Pieter Arntz from Malwarebytes.
According to the vulnerability disclosure details, the bug only affects the latest version, 5.21, and can be used by any attacker crafty enough to place malicious HTML code inside the “Text to display in SFX window” section when creating a new SFX file.
After sending the archive to a victim, whenever the file is launched, the malicious code is executed as well, and depending on the attacker’s skill, it could lead to system, network or device compromise.
To exploit this vulnerability, attackers don’t need special privileges on the targeted machine.
Because users interact with RAR and SFX files on a daily basis, hackers have a high chance of exploiting this bug in the wild.
If you use this software, keep an eye on WinRAR’s website, or on its Softpedia entry, and download the patched version as soon as it is released.
A proof-of-concept video was also provided by Mr. Espargham. Mr. Espargham didn’t mention whether WinRAR’s team was alerted about this issue.