Friday 2 October 2015

Symantec: WinRAR Flaw Less Serious Than Thought




A vulnerability in the popular WinRAR archiving program, for which no update is available and about which the government's National Cyber Security Center (NCSC) recently warned, is less severe than thought, say Symantec and developer RARLAB.

WinRAR is a very popular program for packing and unpacking files. Besides the standard RAR archive, the software can also create self-extracting (SFX) archives. In this case the archive is unpacked automatically when the user opens the file, regardless of whether they have WinRAR installed or not. SFX archives are basically just exe files and consist of the packed data and the WinRAR unpacking module. By getting users to open a malicious SFX archive, an attacker could execute arbitrary code with the rights of the logged-in user, as this video shows.

The vulnerability makes it possible for the attacker's code to run automatically when the SFX archive is opened, for example to download and install malware. Contrary to some media reports, the problem affects not only users of WinRAR but all Windows users who receive a malicious SFX archive. Symantec and RARLAB, the developer of WinRAR, say users should always be careful when opening exe files, whether they are SFX archives or not.
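Because an SFX archive is an exe with a RAR archive attached, a mail or download filter can flag it as an executable rather than as an archive. The following is an added example, not code from Symantec or RARLAB: a heuristic classifier that assumes the publicly documented RAR 4.x and 5.0 markers and uses a constructed stand-in for the unpacking module.

```python
import struct

# Archive markers from the RAR format: 4.x and 5.0 signatures.
RAR4_MARK = b"Rar!\x1a\x07\x00"
RAR5_MARK = b"Rar!\x1a\x07\x01\x00"


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def rar_marker_offset(data: bytes) -> int:
    """Offset of the first RAR marker, or -1 if none is present."""
    hits = [p for p in (data.find(RAR4_MARK), data.find(RAR5_MARK)) if p >= 0]
    return min(hits) if hits else -1


def classify(data: bytes) -> str:
    """Return 'rar-sfx', 'exe', 'rar' or 'other' for a file's raw bytes."""
    offset = rar_marker_offset(data)
    if is_pe(data):
        # Executable stub followed by an embedded archive: handle as an exe.
        return "rar-sfx" if offset > 0 else "exe"
    return "rar" if offset == 0 else "other"


def fake_pe_stub() -> bytes:
    """Constructed 128-byte stand-in for the unpacking module (not a real PE)."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


if __name__ == "__main__":
    # Constructed samples; names are illustrative only.
    samples = {
        "invoice.exe": fake_pe_stub() + RAR5_MARK + b"packed-data",
        "tool.exe": fake_pe_stub(),
        "backup.rar": RAR4_MARK + b"packed-data",
    }
    for name, blob in samples.items():
        print(f"{name}: {classify(blob)}")
```

The marker bytes can also occur by chance inside an ordinary executable, so a `rar-sfx` result is a triage hint; either way the file is an exe and should be handled under the same policy as any other exe.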

RARLAB said in a statement that there are much simpler ways to attack users via a malicious SFX archive. Users are also advised not to open unexpected files or files from unknown or untrusted sources. The developer of WinRAR therefore has no plans to remove the option that the demonstrated attack makes use of, as this would only hit legitimate users.
