Latest WinRAR Vulnerability has Yet to be Patched
SEPTEMBER 29, 2015 | BY PIETER ARNTZ
Yesterday, a proof-of-concept (PoC) was published for a vulnerability in WinRAR SFX v5.21, which is the latest version of the popular software used to compress and decompress files.
At the moment, the vulnerability has yet to be patched, so WinRAR users are advised to be extra vigilant when handling unsolicited compressed SFX files. Download the new version as soon as a patch has been made available.
This vulnerability, which has not yet received a CVE ID, allows a remote attacker to create a compressed file that executes code on the victim’s computer when they open the infected compressed SFX archive.
Basically, the attack uses the option to write HTML code in the text display window when creating an SFX archive.
The attacker can use this to execute malicious code on the computer of anyone who opens the SFX archive.
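A triage check for the mechanism described above, as an added example (not code from the original post or from WinRAR): given the SFX script comment already extracted from an archive as text, it flags HTML in the text display window that is active or pulls in remote content rather than just formatting text. The `Text=` and `Text { }` command forms, the tag list and both sample inputs are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: tags treated as active content for triage; tune as needed.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet", "meta", "link"}
REMOTE = re.compile(r"^\s*((https?|ftp|file):|//|\\\\)", re.I)

# Constructed samples of an SFX script comment (not taken from any real archive).
BENIGN = "Title=Setup\nText=Please close other programs before continuing.\n"
SUSPICIOUS = """Title=Setup
Text
{
<html><body onload="void(0)"><b>Welcome</b>
<img src="http://example.invalid/logo.png">
<script>/* inert placeholder */</script>
</body></html>
}
"""

def text_blocks(sfx_script):
    """Return bodies of Text commands: 'Text=...' lines and 'Text { ... }' blocks."""
    single = re.findall(r"(?im)^[ \t]*Text[ \t]*=(.*)$", sfx_script)
    multi = re.findall(r"(?ims)^[ \t]*Text\s*\{(.*?)^[ \t]*\}", sfx_script)
    return single + multi

class _Auditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-tag", tag))
        for name, value in attrs:
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(("event-handler", f"{tag}.{name}"))
            elif value and REMOTE.search(value):
                self.findings.append(("remote-reference", f"{tag}.{name}"))

def audit_sfx_script(sfx_script):
    """Flag HTML in Text blocks that does more than format the displayed text."""
    findings = []
    for block in text_blocks(sfx_script):
        auditor = _Auditor()
        auditor.feed(block)
        auditor.close()
        findings.extend(auditor.findings)
    return findings
```

An empty result means the text window holds only plain or formatting-only text; any finding is a reason to hold the archive for closer inspection before it is opened.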
We will update this post if there are any noteworthy changes.
Please note that the PoC code at seclists.org required some trivial changes before I got it to work. This could be due to the poster using a different version of Perl than me, or using a source filter.
Pieter Arntz