WinRAR Vulnerability...

September 30, 2015

WinRAR Vulnerability

This vulnerability, which as of now has not received a CVE ID yet, allows a remote attacker to create a compressed file and execute code on the victim’s computer when they are processing to open the infected compressed SFX archive.

Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive.

https://blog.malwarebytes.org/security-threat/2015/09/latest-winrar-vulnerability-has-yet-to-be-patched/

Ted.

September 30, 2015

From comments of the article:

this "issue" is basically "code execution can cause code execution"

+1 to the author of the comment.

September 30, 2015

I personally think its not a big thing, since you can infected any .exe if you have access to it. So why bother with perl code doing shit.

October 3, 2015

A response from the developers on this issue...

http://www.rarlab.com/vuln_sfx_html.htm
http://www.rarlab.com/vuln_sfx_html2.htm

Ted.

October 3, 2015

+1 for the finding of the vuln

-1 for the impact

net value: 0 fu.ck$ given.

Edited October 3, 2015 by xSRTsect

October 7, 2015

REDACTION: WinRAR Vulnerability

Looks like Malwarebytes found themselves on the naughty boys list...

https://blog.malwarebytes.org/news/2015/10/redaction-winrar-vulnerability/

Ted.

October 8, 2015

Was a stupid one anyway. By run an exe, it might run code which is malicious..... shocker!

Sign In

WinRAR Vulnerability...

Recommended Posts

Teddy Rogers

Link to comment

Share on other sites

kao

Link to comment

Share on other sites

Fath0m

Link to comment

Share on other sites

Teddy Rogers

Link to comment

Share on other sites

xSRTsect

Link to comment

Share on other sites

Teddy Rogers

Link to comment

Share on other sites

Loki

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Community

Search