Teddy Rogers Posted September 30, 2015 Posted September 30, 2015 WinRAR Vulnerability This vulnerability, which as of now has not received a CVE ID yet, allows a remote attacker to create a compressed file and execute code on the victim’s computer when they are processing to open the infected compressed SFX archive. Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive. https://blog.malwarebytes.org/security-threat/2015/09/latest-winrar-vulnerability-has-yet-to-be-patched/ Ted. 1
kao Posted September 30, 2015 Posted September 30, 2015 From comments of the article: this "issue" is basically "code execution can cause code execution"+1 to the author of the comment.
Fath0m Posted September 30, 2015 Posted September 30, 2015 I personally think its not a big thing, since you can infected any .exe if you have access to it. So why bother with perl code doing shit.
Teddy Rogers Posted October 3, 2015 Author Posted October 3, 2015 A response from the developers on this issue... http://www.rarlab.com/vuln_sfx_html.htmhttp://www.rarlab.com/vuln_sfx_html2.htm Ted.
xSRTsect Posted October 3, 2015 Posted October 3, 2015 (edited) +1 for the finding of the vuln-1 for the impact net value: 0 fu.ck$ given. Edited October 3, 2015 by xSRTsect
Teddy Rogers Posted October 7, 2015 Author Posted October 7, 2015 REDACTION: WinRAR Vulnerability Looks like Malwarebytes found themselves on the naughty boys list... https://blog.malwarebytes.org/news/2015/10/redaction-winrar-vulnerability/ Ted.
Loki Posted October 8, 2015 Posted October 8, 2015 Was a stupid one anyway. By run an exe, it might run code which is malicious..... shocker!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now