WinRaR SFX - Remote Code Execution
According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw.
The vulnerability can be used by any attacker smartly to insert a malicious HTML code inside the "Text to display in SFX window" section when the user is creating a new SFX file.
WinRAR SFX is an executable compressed file type containing one or more file and is capable of extracting the contents of its own.
According to proof-of-concept video published by Espargham, latest WinRAR vulnerability allows remote hackers to execute arbitrary code on a victim's computer when opening an SFX file (self-extracting file).
Successful Exploitation requires low user interaction, and results in compromising users’:
Not yet Patched...
You may also want to read :
The vulnerability can be used by any attacker smartly to insert a malicious HTML code inside the "Text to display in SFX window" section when the user is creating a new SFX file.
WinRAR SFX is an executable compressed file type containing one or more file and is capable of extracting the contents of its own.
According to proof-of-concept video published by Espargham, latest WinRAR vulnerability allows remote hackers to execute arbitrary code on a victim's computer when opening an SFX file (self-extracting file).
Successful Exploitation requires low user interaction, and results in compromising users’:
- System
- Network
- Devic
Not yet Patched...
You may also want to read :
No comments
Post a Comment