Back to Home

Security vulnerability detected in WinRAR software / ESET NOD32 Blog

winrar security

Security vulnerability detected in WinRAR software

    This week, security researcher Mohammad Reza Espargham announced the discovery of a critical Remote Code Execution (RCE) vulnerability in the popular WinRAR v 5.21 archiver. This program is very popular among users around the world, it is used by more than 500 million people. The vulnerability allows attackers to create a special self-extracting SFX archive that will execute extraneous code on the user's computer.



    From the user's point of view, this vulnerability is insignificant, since SFX archives are executable files, which means that to activate the exploit, the user must download and run this file! unknown origin is highly discouraged (they can be malicious in themselves).

    The vulnerability is present in the Text and Icon archiver function of the Text to display in SFX window section.. To do this, a specially formatted HTML text must be added to the SFX archive. The vulnerability allows the unpacker executable code to download the executable file at the location indicated there and execute it. The vulnerability does not work when the SFX archive is unpacked by the archiver itself, and not through manual launch, i.e., without activating the initial executable code.


    Fig. Demonstration of exploitation of vulnerability.

    We do not recommend users to run executable files obtained from an untrusted source. It should be noted that WinRAR, in itself, contains a standard function that allows you to run an additional executable file when the user starts the SFX archive. In addition, SFX archives created by WinRAR are not digitally signed, so there is little chance for the user to verify that the archive file was not compromised by anyone (genuine). Attackers can take the original SFX archive, modify the unpacker code, and then distribute it on suspicious resources and torrents as legitimate. Such an operation is not an exploitation of any vulnerability, but will lead to similar consequences for the user.

    image

    Be secure.

    Read Next