Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
- To: <research@xxxxxxxxxxxxxxxxxxxxx>, <gynvael@xxxxxxxxxxx>
- Subject: Re: [FD] WinRAR SFX v5.21 - Remote Code Execution Vulnerability
- From: "Stefan Kanthak" <stefan.kanthak@xxxxxxxx>
- Date: Mon, 5 Oct 2015 14:16:57 +0200
"Gynvael Coldwind" <gynvael@xxxxxxxxxxx> wrote:
> Correct me if I'm wrong, but the vulnerability can be summarized as: if you
> run an untrusted .exe you might execute malicious code?
Amen!
> I hardly see this as giving anything new to the attacker who can just
> create a malicious exe file, set the winrar sfx icon and send it to the
> victim.
That's why giving unsuspecting users *.EXE to install a software package
or to unpack an archive, and thus training them to run almost anything
they get their hands on, is a BLOODY STUPID idea in the first place.
ALWAYS use the platform's native package or archive formats to distribute
your software or files!
> Keep in mind that not every unexpected behavior or software bug is a
> security vulnerability.
>
> (and no, potential AV bypass doesn't make it a vulnerability either)
Right again.
stay tuned
Stefan
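As an added illustration of the point made in this reply (this is example code written for this page, not code from the post, from WinRAR, or from anyone in the thread): the difference between a plain RAR archive and a RAR SFX is only that the SFX wraps the archive in a PE executable, so the "install by running the .exe" habit can be replaced by a content check. The classifier below looks at the bytes rather than the filename or icon, using the documented RAR v4/v5 magic and the PE "MZ"/"PE\0\0" headers; the sample inputs are constructed in the block (a minimal fake MZ/PE stub, not a real WinRAR stub) so it runs offline.

```python
"""Classify a downloaded file by content as a plain RAR archive, a Windows
executable, or a self-extracting executable (PE stub + embedded RAR data).

Added example for this page; not code from the thread or from WinRAR.
Signatures are taken from the RAR and PE format specifications.
"""
import struct

# RAR v4 and v5 archive signatures (first bytes of a plain archive).
RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # A slice past the end is simply shorter and fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_rar_signature(data: bytes) -> int:
    """Offset of the first RAR signature in data, or -1 if none is present."""
    for sig in (RAR5_SIG, RAR4_SIG):
        off = data.find(sig)
        if off != -1:
            return off
    return -1


def classify(data: bytes) -> str:
    """'rar-archive', 'sfx-executable', 'executable' or 'unknown'."""
    pe = is_pe(data)
    rar_off = find_rar_signature(data)
    if pe and rar_off > 0:
        return "sfx-executable"      # archive data trails a PE stub
    if pe:
        return "executable"
    if rar_off == 0:
        return "rar-archive"         # archive begins at offset 0, no stub
    return "unknown"


def safe_to_unpack(filename: str, data: bytes) -> tuple:
    """Decide by content, not by name or icon, whether a file should be handed
    to your own archiver (safe) or would run code if double-clicked."""
    kind = classify(data)
    if kind == "rar-archive":
        return True, "plain archive: open with your own archiver"
    if kind == "sfx-executable":
        return False, ("SFX: double-clicking runs the stub; extract the "
                       "embedded archive with your own archiver instead")
    if kind == "executable":
        return False, "executable with no embedded archive: do not run"
    return False, "unrecognised content: do not run"


def make_fake_pe_stub() -> bytes:
    """Constructed minimal MZ/PE stub for the samples (not a real WinRAR stub):
    'MZ' header with e_lfanew = 0x40 pointing at a 'PE\\0\\0' marker."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)          # 0x40 bytes
    struct.pack_into("<I", hdr, 0x3C, 0x40)           # e_lfanew
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 28


# Constructed sample inputs.
SAMPLE_RAR = RAR5_SIG + b"\x00" * 16
SAMPLE_EXE = make_fake_pe_stub()
SAMPLE_SFX = make_fake_pe_stub() + b"stubcode" + RAR4_SIG + b"\x00" * 16


if __name__ == "__main__":
    for name, blob in (("docs.rar", SAMPLE_RAR),
                       ("setup.exe", SAMPLE_EXE),
                       ("archive.exe", SAMPLE_SFX)):
        print(name, classify(blob), safe_to_unpack(name, blob))
```

The verdict ignores the extension on purpose: a file named `docs.rar` whose first two bytes are `MZ` is an executable, and a `.exe` whose PE stub is followed by a RAR signature is an archive wrapped in a program, so the archive can be pulled out with a normal archiver without ever executing the stub.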
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/