KILLER! Unpatched WinRAR Vulnerability Puts 500 Million Users At Risk
Sep 30, 2015
Beware, Windows users! A dangerous, unpatched zero-day vulnerability has been detected in the latest version of WinRAR, affecting millions of users worldwide.

According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to a Remote Code Execution (RCE) flaw.

WinRAR is one of the most popular utility programs used to compress and decompress files, with more than 500 Million installations worldwide.

The WinRAR RCE vulnerability falls under the 'High Severity' block and scores 9 on the CVSS (Common Vulnerability Scoring System).

HOW DOES THE WINRAR VULNERABILITY WORK?

Let's take a look at how it works.

The vulnerability can be exploited by any attacker who inserts malicious HTML code inside the "Text to display in SFX window" section when the user is creating a new SFX file.

WinRAR SFX is an executable compressed file type containing one or more file