Thursday, October 1, 2015

WinRAR: A big flaw that isn't really one? – ZDNet France

Article updated October 1 at 9:30 am

A security vulnerability in WinRAR is enough to catch the eye: the commercial software is widely used on Windows to manage compressed file archives and supports a variety of formats. Distributed as shareware, it is extremely popular and counts no fewer than 500 million users.

Researchers at Vulnerability Labs have published on Seclists.org what they believe is a critical security flaw in the decompression utility, an alert later picked up on the blog of Malwarebytes, the company that publishes the software of the same name.
 

The flaw reported by Vulnerability Labs exploits the “Text to display in SFX Windows” feature, which displays HTML in the archive: according to the researchers, attackers can use it to create an archive containing a link to a malicious executable. On opening it, the user could thus see their computer infected by malicious code without noticing: the executable generated by the “Self Extract Executable” function could just as well silently download malware and infect the machine.
 

For the Vulnerability Labs researchers, the critical flaw is worrying because it can remain invisible to the user while requiring only minimal interaction from them. Moreover, it has not been fixed by WinRAR's publisher, and for good reason: for the company behind the compression utility, the Vulnerability Labs researchers are addressing the wrong problem.

Indeed, as its name suggests, the SFX function creates an executable file capable of extracting itself. This feature is offered in particular to create archives for people who do not have the required decompression utility on their machine. In other words, the feature creates an executable, which can therefore quite logically execute malicious code.

The “flaw”, which centers on the use of HTML features within the module, will therefore not be fixed by the publisher, which considers that this feature remains legitimate for users who wish to use it, they explain in a reaction published by ZDNet.com.
