Full Disclosure mailing list archives
Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Mon, 5 Oct 2015 14:16:57 +0200
"Gynvael Coldwind" <gynvael () coldwind pl> wrote:
Correct me if I'm wrong, but the vulnerability can be summarized as: if you run an untrusted .exe you might execute malicious code?
Amen!
I hardly see this as giving anything new to the attacker who can just create a malicious exe file, set the winrar sfx icon and send it to the victim.
That's why giving unsuspecting users *.EXE to install a software package or to unpack an archive and thus training them to run almost anything they get their hands on is a BLOODY STUPID idea in the first place. ALWAYS use the platforms native package or archive formats to distribute your software or files!
Keep in mind that not every unexpected behavior or software bug is a security vulnerability. (and no, potential AV bypass doesn't make it a vulnerability either)
Right again. stay tuned Stefan _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Gynvael Coldwind (Oct 01)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Hernan Moller (Oct 05)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Stefan Kanthak (Oct 05)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Shawn McMahon (Oct 08)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Stefan Kanthak (Oct 10)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Fernando Mercês (Oct 19)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability Shawn McMahon (Oct 08)