Posted on 10/02/2015 4:22:09 PM PDT by Utilizer
... A researcher has found a way to exploit popular archival utility WinRAR to remotely execute malicious code on users' computers, without any interaction being required.
Iranian researcher Mohammad Reza Espargham found that it was possible to use WinRAR SFX 2.51 to add malicious payloads that would execute when users decompress archives.
A specially crafted hyper text mark-up language (HTML) text file that is parsed and which attempts to download and run potentially malicious code can be included in WinRAR SFX archives, Espargham noted.
The researcher suggested secure parsing of the text file, and encoding of the URL value parameter in the outgoing module HTTP GET request, as ways to protect against the flaw.
(Excerpt) Read more at itnews.com.au ...
Ping...
WinRAR users are behind the eight ball. 7zip or homegrown C code is the only way.
I quit using WinRAR sometime during the last century, I believe.
7zip is the only way to go.
btw, ANY SFX facility that lets you roll your own executable, including 7zsfx, can include malicious content, given that these bundles can contain any kind and amount of various executable codes, so this article contains no real news, and the issue is not specific to the WinRAR SFX.
Here’s a tip for everyone: on Windows, if a file ends in .exe, assume it will destroy your computer unless you are absolutely certain that the source is 100% legitimate.
WinRAR SFX = self extracting archive. It creates an exe you run to decompress. It is inherently unsafe, so the exploit may not be such a big deal.
What most people use is WinRAR, which compresses and decompresses .rar files. This is still safe.
These days, I scan everything I download with 3 different programs. Better safe than sorry...
Thanks to Utilizer for the ping!!
Summary
To WinRAR users: most of latest publications about WinRAR vulnerability are heavily hyperbolized. WinRAR itself is not affected and you can use it to unpack all kinds of archives including self-extracting (.exe) as long as you unpack them with WinRAR and do not run them. The newly discovered issue does not add new risks to SFX archives (.exe files). You still need to run them only if they are received from a trustworthy source, as before. No patches for WinRAR are needed. If you have not installed Windows MS14-064 security update, please do it. It is important for entire Windows security, not just for WinRAR SFX.
To journalists and security experts: .exe files can run the executable code. They can even download and run files, really. Exe files are potentially dangerous. Any exe files. But .rar and .zip files are not .exe. Unpatched Windows systems are not safe. Thank you.
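The advice in the summary above (open a self-extracting .exe as an archive instead of running it) depends on recognizing an SFX file by content. The following is an added example, not part of the thread or of WinRAR: it classifies a file by the DOS/PE `MZ` header and the RAR archive markers. The function names, the 2 MiB scan window and the sample bytes are assumptions made for illustration.

```python
MZ = b"MZ"                        # DOS/PE executable header
RAR4 = b"Rar!\x1a\x07\x00"        # RAR 1.5-4.x archive marker
RAR5 = b"Rar!\x1a\x07\x01\x00"    # RAR 5.x archive marker
SCAN_LIMIT = 2 * 1024 * 1024      # assumption: the SFX stub ends within 2 MiB

ADVICE = {
    "rar-sfx": "executable with embedded RAR data: open it in an archiver, do not run it",
    "rar": "plain RAR archive",
    "exe": "executable with no RAR data in the scan window: run only if the source is trusted",
    "other": "neither an executable nor a RAR archive",
}

def find_rar_marker(data):
    """Return (offset, rar_version) of the first RAR marker in the scan window, or None."""
    window = data[:SCAN_LIMIT]
    hits = [(window.find(sig), ver) for sig, ver in ((RAR4, 4), (RAR5, 5))]
    hits = [(off, ver) for off, ver in hits if off >= 0]
    return min(hits) if hits else None

def classify(data):
    """Classify raw file bytes by content, ignoring the file extension."""
    is_exe = data[:2] == MZ
    marker = find_rar_marker(data)
    if is_exe and marker:
        return "rar-sfx"          # stub code first, archive appended after it
    if marker and marker[0] == 0:
        return "rar"
    return "exe" if is_exe else "other"

def classify_file(path):
    """Read only the scan window from disk; the file is never executed."""
    with open(path, "rb") as fh:
        return classify(fh.read(SCAN_LIMIT))

# Constructed sample inputs (not real files): a fake stub followed by a marker, etc.
SAMPLES = {
    "setup.exe": MZ + b"\x90" * 64 + RAR4 + b"\x00" * 16,
    "docs.rar": RAR5 + b"\x00" * 16,
    "tool.exe": MZ + b"\x00" * 128,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        kind = classify(blob)
        print(f"{name}: {kind} ({ADVICE[kind]})")
```

A marker match only shows that RAR data follows the stub; it says nothing about whether the archive's contents are safe to open.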
7Zip all the way! WinRAR? I'm surprised to hear there are still legitimate copies of the software out there. I thought they went the way of WinZip.