NOTE: Welcome to the Knowledge Sharing Blog! If you encounter any errors during use, such as error in download link, slow loading blog, or unable to access a certain page on the blog … please notify me. via Contact page. Thanks!
Winrar is one of the most popular compressors and decompressors today with hundreds of millions of users, and especially it is very safe for users because of its relatively high security. However, according to the researcher’s recent analysis Mohammad Reza Espargham said, Winrar on Windows platform (latest version 5.21) is suffering from an extremely serious vulnerability and is easily vulnerable to remote code execution (RCE) vulnerability.
How dangerous is the vulnerability on Winrar?
Hackers will take advantage of this vulnerability on Winrar to insert malicious HTML code into the “Text to display in SFX window“When creating a file SFX new. From there hackers can take control of your computer remotely, and harm your computer when you open and run that SFX file.
Note: Winrar SFX is a compressed executable that contains one or more files capable of decompressing content.
See the demonstration’s video Espargham.
So how do you deal with this danger?
Even if you remove Winrar to use other decompressors such as 7zip, Winzip .., it will not solve the problem. You still cannot avoid this vulnerability because the SFX file has the * .exe (Windows executable) extension. Currently, there is no fix for this dangerous vulnerability. However, you can apply the following way to check if the * .exe file downloaded from the internet is SFX.
Right-click on the executable file * .exe, if the right-click menu has the section to extract, 99% is SFX. You absolutely do not run this file when you discover it is an SFX file, but instead right-click and select Extract Here (unzip it here). This is a very secure way to open and ensure malicious code will not spread.
Note: Note that you must install Winrar on your computer to see Extract Here in the right-click menu.
Epilogue
Please share this article for everyone to know and avoid unfortunate data loss. While waiting for Winrar to update the patch, before you download any .exe file, check the above way before running them.
Hope this article will be useful to you, wish you success!
Kien Nguyen – techtipsnreview
Note: Was this article helpful to you? Don’t forget to rate, like and share with your friends and relatives!
Source: (!) WinRAR dangerous security hole and how to fix it
– TechtipsnReview
