Full Disclosure mailing list archives

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability


From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Mon, 5 Oct 2015 14:16:57 +0200

"Gynvael Coldwind" <gynvael () coldwind pl> wrote:

> Correct me if I'm wrong, but the vulnerability can be summarized as: if you
> run an untrusted .exe you might execute malicious code?

Amen!

> I hardly see this as giving anything new to the attacker who can just
> create a malicious exe file, set the winrar sfx icon and send it to the
> victim.

That's why giving unsuspecting users *.EXE to install a software package
or to unpack an archive and thus training them to run almost anything
they get their hands on is a BLOODY STUPID idea in the first place.

ALWAYS use the platform's native package or archive formats to distribute
your software or files!

> Keep in mind that not every unexpected behavior or software bug is a
> security vulnerability.
>
> (and no, potential AV bypass doesn't make it a vulnerability either)

Right again.

stay tuned
Stefan

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

