[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
From: dev@xxxxxxxxxx
Date: Wed, 30 Sep 2015 11:04:53 GMT

I am WinRAR developer. We published the official comment on www.rarlab.com here:
http://rarlab.com/vuln_sfx_html.htm

This "vulnerability" is a non-issue. Why attempting to find some hackish 
esoteric way for a feature, which presents in SFX archives officially. Any SFX 
archive can run contained executable files, it is required for installers. Any 
SFX archive just like any exe file and any software installer is potentially 
dangerous for user computers and must be started only if received from a 
trustworthy source.

Self-extracting archives are .exe themselves, one of their basic functions is 
code execution for executables stored in archives. They also allow to run any 
kind of web downloaders, because it is
needed for software installers. So that researcher discovered that 
self-extracting archives, which are exe themselves and designed
to be able to run contained exe, can actually run exe. No surprise here and no 
new risks for users. All associated risks are already present in standard SFX 
functions and exe design.

Follow-Ups:
- RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  - From: Popovici, Alejo (LATCO - Buenos Aires)

Prev by Date: FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
Next by Date: RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
Previous by thread: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
Next by thread: RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
Index(es):
- Date
- Thread