WinRAR 5.21 affected by remote code execution vulnerability

Sep 30, 2015 03:02 GMT

WinRAR, the popular file compression and decompression utility, has a security vulnerability that allows attackers to remotely execute code on the user's computer when the user opens an SFX (self-extracting archive) file.

The bug was discovered by Mohammad Reza Espargham from Vulnerability Lab, and was also reproduced by Pieter Arntz from Malwarebytes.

According to the vulnerability disclosure details, the bug only affects the latest version, 5.21, and can be used by any attacker crafty enough to place malicious HTML code inside the "Text to display in SFX window" section when creating a new SFX file.

Once the archive has been sent to a victim, the malicious code is executed whenever the file is launched, and depending on the attacker's skill, it could lead to system, network or device compromise.

To exploit this vulnerability, attackers don't need special privileges on the targeted machine.

Because users interact with RAR and SFX files on a daily basis, hackers have a high chance of exploiting this bug in the wild.

If you're an avid fan of this software program, don't forget to keep an eye on WinRAR's website or on its Softpedia entry, and download the latest version as soon as it comes out.
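For defenders who want to hold self-extracting RAR files for review before users launch them, the following added example (not from the article or from WinRAR) flags Windows executables that carry an embedded RAR archive. The function names are hypothetical, the sample bytes are constructed, and the check is a heuristic that identifies any RAR SFX file, not only one with malicious display text.

```python
import struct

# RAR archive markers: 7 bytes for the RAR 1.5-4.x format, 8 bytes for RAR 5.x.
RAR4_MARKER = b"Rar!\x1a\x07\x00"
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def find_rar_sfx(data: bytes):
    """Return (format, offset) if data is a PE file with an embedded RAR archive, else None."""
    if not is_pe(data):
        return None
    hits = []
    for label, marker in (("RAR4", RAR4_MARKER), ("RAR5", RAR5_MARKER)):
        pos = data.find(marker)
        if pos != -1:
            hits.append((pos, label))
    if not hits:
        return None
    pos, label = min(hits)  # earliest marker is where the appended archive starts
    return label, pos


def constructed_pe(payload: bytes) -> bytes:
    """Constructed sample: minimal MZ/PE header bytes followed by payload."""
    dos_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos_stub + b"PE\x00\x00" + b"\x00" * 60 + payload


if __name__ == "__main__":
    samples = {
        "sfx_rar5.exe": constructed_pe(RAR5_MARKER + b"archive bytes"),
        "plain.exe": constructed_pe(b"no archive here"),
        "archive.rar": RAR4_MARKER + b"archive bytes",
    }
    for name, blob in samples.items():
        hit = find_rar_sfx(blob)
        verdict = f"hold for review ({hit[0]} archive at offset {hit[1]})" if hit else "not a RAR SFX"
        print(f"{name}: {verdict}")
```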

A proof-of-concept video was also provided by Mr. Espargham. Mr. Espargham didn't mention whether WinRAR's team was alerted about this issue.

UPDATE: As one of our commenters has pointed out, WinRAR has provided an official statement on this issue.