Unpacking The New WinRAR Vulnerability

Posted by UpGuard

Users of the highly popular Windows-based compression/decompression utility WinRAR be warned: a newly-discovered vulnerability could allow remote attackers to compromise Windows systems by exploiting a remote code execution (RCE) flaw. Despite this, RARLab has not issued a patch yet and doesn't plan on doing so. Is this a case of vendor negligence or an overhyped security alert?

Due to WinRAR's popularity, the flaw could potentially impact millions of users globally. Vulnerability Lab first discovered the vulnerability days ago and has since labeled it a "High Severity" flaw. RARLabs, however, begs to differ—and purportedly does not plan on issuing a patch. The vulnerability involves WinRAR's self-extracting archives, or SFX files. Malicious HTML code inserted into the “Text to display in SFX window” section could allow remote hackers to compromise local Windows systems with WinRAR installed. And because an SFX file self-extracts/executes upon being clicked, hapless users are left with little recourse when exploited.

Why the lack of interest on RARLabs' part? Because the vulnerability has less to do with WinRAR, and more with Windows: specifically, certain MS Internet Explorer components used by a myriad of applications, including WinRAR. Windows systems unpatched since mid-2014 are open to compromise through this attack vector. Malwarebytes, the security firm that initially announced the vulnerability, has since issued an apology to RARLabs.

The specific Windows patch for this vulnerability (CVE-2014-6332) can be downloaded/installed from Microsoft's website.

When it comes to software these days, caveat emptor. That said, discovering and identifying Windows desktop vulnerabilities can be a time-consuming and arduous affair. ScriptRock's vulnerability detection engine simplifies and automates this process, quickly identifying security gaps in your Windows systems—be it a single desktop or complete Windows environment. Give our platform a test drive today, on us.

