Yesterday I reported the news of two critical vulnerabilities that affect the popular TrueCryptTrueCrypt application and the related risks for the users, today a new zero-day flaw is threatening million of users of the latest version of WinRAR. Win Rar is a widely used software to compress/decompress files and folders, is account for more than 500 million installations.
The WinRAR RCE vulnerability has been ranked as ‘High Severity’ and experts assigned it the scores 9 on CVSS (Common Vulnerability Scoring System).
The attacker can exploit the vulnerability in WinRAR by inserting a malicious HTML code inside the “Text to display in SFX window” section when the user is creating a new SFX file.
WinRAR SFX is a specific type of executable compressed file with self-extracting capabilities, the attacker can exploit it to run arbitrary code when the victims open an SFX files a demonstrated in the video proof-of-concept published by Espargham.
An attacker can successfully trigger the vulnerability with low user interaction, and compromise the system, the host network or the device.
“Exploitation of the code execution vulnerability requires low user interaction (open file) without privilege system or restricted user accounts.Successful exploitation of the remote code execution vulnerability in the WinRAR SFX software results in system, network or device compromise.” continues the advisory,
“The major disadvantage arises because of SFX files, as they start functioning as soon as the user clicks on them. Therefore, users cannot identify and verify if the compressed executable file is a genuine WinRAR SFX module or a harmful one.”
(Security Affairs – W , hacking)