Wednesday, 30 September 2015

Researcher Makes Malicious SFX Archives Using WinRAR

Through a leak in the popular archiving program WinRAR it is possible to create a malicious SFX archive that random Internet users to attack, so warns the National Cyber ​​Security Center (NCSC), but according to the developers of the software it is a feature .

WinRAR is a very popular program for packing and unpacking files. Besides the standard RAR archive, the software can also make a Self Able Extract (SFX) archives. In this case the archive file is unpacked automatically when the user opens the file, regardless of whether they have installed WinRAR or not. By letting users open a malicious SFX archive an attacker could execute arbitrary code with the rights of the logged in user.

The vulnerability is caused by an attacker to create an SFX archive malicious HTML code in the "Text to display in SFX window" option can add. This allows an attacker to specify code to be executed automatically when you open the SFX file, such as downloading and executing an .exe file. According to the German Heise, it is a feature of the SFX-documented option. The developers of WinRAR could therefore see no reason to prevent the downloading of executable files via the web.

No comments:

Post a Comment