WinRar Vulnerability Discovered, Should You Be Concerned


The net is abuzz with news of a vulnerability uncovered in the popular WinRar software, potentially affecting over 500 million users worldwide. The vulnerability, which makes it possible for malicious code to be executed when opening self-extracting (SFX) ZIP or RAR files, was recently discovered by security researcher Mohammad Reza Espargham.

In summary: attackers can exploit the SFX vulnerability to execute code remotely on target machines by adding specially crafted HTML code via the software’s Text and Icon function.

Tech blogs have been quick to report this vulnerability, with some resorting to the usual sensationalism. For its part, Rarlab, the maker of WinRar, has responded with a very much “it’s all a fuss about nothing” approach. In a brief statement published online, Rarlab asserted that “WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files”.

Essentially, Rarlab’s response makes the following points:

  1. Any executable is potentially dangerous, and especially so when received or downloaded from an unknown or untrusted source.
  2. Hackers can append malicious code to any SFX archive and then distribute it; this doesn’t necessarily have to be done through the WinRar software.
  3. Limiting WinRar’s HTML functionality would only hurt legitimate users, while those with malicious intent have plenty of alternative avenues to achieve the same result.

All of which rings true. So, while Rarlab’s response might not be particularly empathetic, it does appear to be logical.


So, Should You be Concerned?

I am by no means an expert in security-related matters but, on the other hand, it doesn’t take an Einstein to realize that these types of files, executables and especially self-extracting executables, are inherently risky anyway and should always be treated as such. Provided users apply the standard rule of thumb – i.e. unless received or downloaded from a known, trusted source, these files should never be run outside of a sandbox or virtual environment, if at all – there doesn’t appear to be any particular need for alarm.
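As an added illustration of that rule of thumb (example code, not part of the original post): a small Python check that classifies a file by its magic bytes and reports an SFX archive as what it is, a Windows executable with archive data appended, so it can be handed to the archiver or a sandbox rather than run. The signatures are the public PE, RAR and ZIP magic values; the sample blobs are constructed for the demo and are not real executables.

```python
# Magic values for the formats the article discusses (not an exhaustive list).
PE_MAGIC = b"MZ"                    # every Windows executable, SFX stubs included
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
ZIP_LOCAL_HEADER = b"PK\x03\x04"
ZIP_EOCD = b"PK\x05\x06"            # ZIP end-of-central-directory record


def classify(data: bytes) -> str:
    """Return 'rar', 'zip', 'sfx-rar', 'sfx-zip', 'exe' or 'unknown'.

    A plain archive is recognised by its leading signature. A file that starts
    with a PE header but carries an archive signature further in is an SFX
    archive, i.e. an executable first and an archive second.
    """
    if data.startswith((RAR4_MAGIC, RAR5_MAGIC)):
        return "rar"
    if data.startswith(ZIP_LOCAL_HEADER):
        return "zip"
    if not data.startswith(PE_MAGIC):
        return "unknown"
    body = data[len(PE_MAGIC):]      # look past the stub's own header
    if RAR4_MAGIC in body or RAR5_MAGIC in body:
        return "sfx-rar"
    # Require both a local header and the trailing directory record, which
    # cuts false positives on executables that merely embed a "PK.." resource.
    if ZIP_LOCAL_HEADER in body and ZIP_EOCD in body:
        return "sfx-zip"
    return "exe"


def is_executable(data: bytes) -> bool:
    """True for anything Windows would run on double-click, SFX archives included."""
    return classify(data) in {"exe", "sfx-rar", "sfx-zip"}


if __name__ == "__main__":
    # Constructed samples: a fake extractor stub (just the MZ magic plus padding)
    # with archive data appended, which is how an SFX archive is laid out.
    stub = PE_MAGIC + b"\x90" * 64
    samples = {
        "plain_rar": RAR5_MAGIC + b"\x00" * 16,
        "sfx_rar": stub + RAR5_MAGIC + b"\x00" * 16,
        "sfx_zip": stub + ZIP_LOCAL_HEADER + b"\x00" * 16 + ZIP_EOCD + b"\x00" * 18,
        "plain_exe": stub,
    }
    for name, blob in samples.items():
        print(f"{name:10s} -> {classify(blob):8s} executable={is_executable(blob)}")
```

Because the check only reads magic bytes, it is a triage heuristic for deciding how to handle a download, not a malware verdict.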

About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

One Comment

  1. A Winrar SFX archive can very well be opened by winrar.exe, just as plain .rar files can; in that case, nothing to worry about, I guess.