Proof of concept could lead to nasty phish
A proof-of-concept exploit to pull off the trick has been published, and its creator reckons it works on all versions of WinRAR.
But it's pretty amusing that this kinda flaw exists.
WinRAR has been a popular shareware unzipping tool for Windows users over the last two decades. It is plugged heavily thanks to many reviews by software download sites like CNET and Softpedia.
Iranian researcher Mohammad Reza Espargham revealed the hole on the Full Disclosure security mailing list.
"The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," Espargham told Full Disclosure.
"The issue is located in the text and icon function of the 'text to display in [the self-extracting archive's]' window module. Remote attackers are able to generate [their] own compressed archives with malicious payloads to execute system specific codes for compromise."
The proof-of-concept code downloads and runs the SSH client PuTTY (putty.exe), by way of example.
MalwareBytes researcher Pieter Arntz says the proof-of-concept code needed subtle tweaking for it to work properly.
"The proof-of-concept requires some trivial changes before I got it to work," Arntz said, but that might have been down to a Perl version conflict. ®
Editor's note: This story has been updated to clarify what's possible when exploiting the flaw.