Remote attackers can potentially abuse a critical security flaw in WinRAR, exposing users to third-party infections. The vulnerability is found in version 5.21, the latest version of the file compressor and decompressor.
The popular utility allows users to pack or unpack RAR, 7Z, ZIP, TAR, EXE, CAB, ISO or any other compatible file types, which means that the remote code execution can become widespread easily, giving extensive opportunities for hackers to attack.
Mohammad Reza Espargham, a researcher at Vulnerability Lab, found the security flaw and posted a video on YouTube about it in which he clearly demonstrates how the vulnerability can be exploited. Also, Vulnerability Lab posted a report on the Seclist, and according to the full disclosure, remote attackers could gain access and take control of a user's computer.
WinRAR self-extracting (SFX) archives are executable files, so when a user opens one, it runs immediately, leaving no time for users to verify whether it's genuine or not. Malwarebytes' Pieter Arntz spoke up about the matter, explaining how the attacks could occur and advising users to be careful for now.
"At this moment, the vulnerability is yet to be patched, so WinRAR users are advised to be extra vigilant when handling uninvited compressed SFX files. Be advised to download the new version as soon as a patch has been made available," Arntz posted on the Malwarebytes blog.
The exposure of the vulnerability, however, doesn't seem to faze WinRAR much.
RARLab said that there is no use in fixing such vulnerabilities, explaining that any SFX archive, like any other EXE file, has the potential to be harmful because of its design.
It seems that a patch for the severe security flaw will take some time to arrive, as RARLab doesn't seem to intend to make one anytime soon based on its official statement. The firm simply reminded users to open executable files only if the source is trusted, including SFX archives.
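Because an SFX archive is an ordinary executable, it can be identified before anyone opens it. The following triage check is an added example, not code from the article, Malwarebytes or RARLab: it flags a file as a likely RAR SFX when it has a PE header and an embedded RAR signature. The function names and the constructed sample are assumptions of this example, and the match is a heuristic, not a verdict on what the file does.

```python
import struct
import sys

RAR4_MARK = b"Rar!\x1a\x07\x00"       # RAR 1.5-4.x signature
RAR5_MARK = b"Rar!\x1a\x07\x01\x00"   # RAR 5.x signature


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def rar_offset(data: bytes) -> int:
    """Offset of the first RAR signature, or -1 if none is present."""
    hits = [i for i in (data.find(RAR4_MARK), data.find(RAR5_MARK)) if i >= 0]
    return min(hits) if hits else -1


def classify(data: bytes) -> str:
    """Return 'rar-sfx', 'pe', 'rar' or 'other' for the given file content."""
    off = rar_offset(data)
    if is_pe(data):
        # An executable stub with RAR data appended behind it: treat it
        # as a program that will run, not as a passive archive.
        return "rar-sfx" if off > 0 else "pe"
    if off == 0:
        return "rar"  # plain archive, opened by an archiver rather than executed
    return "other"


def sample_sfx() -> bytes:
    # Constructed sample: minimal DOS/PE header, padding, then a RAR5 marker.
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + b"\x00" * 32 + RAR5_MARK


if __name__ == "__main__":
    # Usage: python sfx_check.py FILE [FILE ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

A mail or download gateway can use the `rar-sfx` result to hold such files for the same handling as any other unsolicited executable.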