WinRAR found to be vulnerable to remote attacks, which affect users when they unzip SFX files

The popular compression and extraction tool, WinRAR has just been discovered to be vulnerable to remote attacks, which affect users when they unzip files.


The Next Web reports that a security firm called Vulnerability Labs, discovered the exploit has been found in the app.

The problem is extremely serious in that the attack can happen without the user being aware that the PC is being attacked. The vulnerability is said to affect archives in the format SFX. The full form of the abbreviation is Self-extracting archive, which are actually .EXE (executables). This is a common compression format in which illegal apps, aka pirated software are often wrapped and distributed. It is not uncommon that malicious codes are repackaged into such illegal apps, and this is one of the reasons why you should stay away from such potential risky stuff.

Here is a proof of concept video, which demos the vulnerability in WinRAR 5.21 and SFX:

When a user downloads and extracts a malicious SFX file, the script hidden in the HTML title, it allows the attacker to execute a remote attack, secretly.

If you don’t use or downloaded pirated software, you are probably safe. If you have WinRAR 5.21 installed, it is best to stay away from any SFX archive.

Popular security firm Malwarebytes, renowned for it’s anti-malware application of the same name, has tested the issue, and confirmed that the vulnerability affects WinRAR.

The app is extremely popular, and boasts about 500 Million users, so the amount of affected users, remains a big concern.  And here comes the worst part, the security vulnerability has not been patched by RAR Labs, despite the proof shown above, which comes as quite a shock.

WinRAR’s developers have indeed acknowledged that the issue exists in its app, by posting an official statement at its website. And this is what the statement reads:

Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files.

Well, that is not in the least helpful at all, and we are quite shocked in that what RAR Labs has stated. The message indirectly translates to “we will not fix the issue, and it is the user’s responsibility to ensure their PC’s safety”.

Hopefully third party security apps, may be able to detect and remove such malicious archives before any attacks take place.