Author Topic: Warning for WinRAR Users  (Read 1201 times)

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Sr. Member
  • *****
  • Posts: 368
  • The Mystical Rose
    • View Profile
    • Security Garden
Warning for WinRAR Users
« on: September 30, 2015, 03:00:00 pm »
Latest WinRAR Vulnerability has Yet to be Patched | Malwarebytes Unpacked by Pieter Arntz.
Quote
This vulnerability, which as of now has not received a CVE ID yet, allows a remote attacker to create a compressed file and execute code on the victim’s computer when they are processing to open the infected compressed SFX archive.
As Pieter explained elsewhere:
Quote
Be extra careful when you receive SFX archives (.exe extension) because not only the compressed file could be dangerous, there can also be malicious code in the shell that gets triggered when you open the archive.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Jasper The Rasper

  • Administrator
  • Full Member
  • *****
  • Posts: 161
    • View Profile
REDACTION: WinRAR Vulnerability
« Reply #1 on: October 07, 2015, 05:57:06 pm »
October 7, 2015 | BY Adam Kujawa

Quote
Hey Folks,

We here at Malwarebytes take pride in our ability to find the latest threats that users face on daily basis and do our best to not only block and remove them with our products but also inform the general public about their danger through our blog.

In a very few cases, we jump the gun in our efforts to explain a threat and end up posting information that hasn’t been thoroughly analyzed.

This is one of those cases.

We want to offer our most sincere apologies to WinRAR for any harm done by our reporting on a post first seen through the Full-Disclosure mailing list, we simply echoed the original reporting.

https://blog.malwarebytes.org/news/2015/10/redaction-winrar-vulnerability/