... A researcher has found a way to exploit popular archival utility WinRAR to remotely execute malicious code on users' computers, without any interaction being required. Iranian researcher Mohammad Reza Espargham found that it was possible to use WinRAR SFX 2.51 to add malicious payloads that would execute when users decompress archives. A specially crafted hyper text mark-up language (HTML) text file that is parsed and which attempts to download and run potentially malicious code can be included in WinRAR SFX archives, Espargham noted. The researcher suggested secure parsing of the text file, and encoding of the URL value parameter...