Number: IRCNE2015102649
Date: 2015/10/06
According to “zdnet”, an unpatched, critical remote code execution flaw within WinRAR's SFX archive features has been disclosed by a researcher.
WinRAR, available for Windows users, is an unzipping tool able to decompress .ZIP, .RAR and .7Z files, among others.
However, a security flaw which reportedly allows for remote code execution has been discovered in WinRAR SFX version 5.21.
Granted a CVSS score of 7.4, the vulnerability could allow hackers to remotely execute system code and compromise victim machines, leading to control, surveillance and potentially data theft. A CVE score is yet to be issued.
According to Espargham, the flaw is located in the text and icon function of the "Text to display in SFX window" module. Attackers can generate compressed archives with malicious payloads embedded within, complete with specific commands designed to compromise a PC through Perl code.
"Thus results in a system specific code execution when a target user or system is processing to open the compressed archive," the researcher says.
The vulnerability is deemed critical as the exploit requires low user interaction -- merely the opening of a file -- without reference to user account privileges.
Espargham included a proof-of-concept exploit, and the researcher believes it affects all versions of WinRAR. Such a critical but easy to utilize exploit is a gift for cyberattackers, who likely would use such a vulnerability in phishing campaigns.
- 14