Attackers can exploit the vulnerability to execute code remotely on target machines requiring little user input in the process.
The vulnerability takes advantage of WinRAR's self-extracting archives capability. This feature enables you to create archives that extract when they are executed so that compression software such as WinRAR is not required on the system the contents of the archive need to be extracted on.
It offers a convenient way to distribute compressed files, run commands before or after extraction, display license information or text and icons to the user extracting the contents.
And it is this text and icons feature that attackers can exploit to run code remotely on the system. This is done by adding specially crafted HTML code to the text part which in turn will executed code on the target system when the user runs the self-extracting archive on the system.
Successful exploits enable attackers to run code on target systems, for instance to create new user accounts, install software or manipulate system settings.
WinRAR's response suggests that the reported vulnerability is in fact none. The main reason for the statement is that self-extracting archives are executable files which end users need to run on their system.
Attackers could add payloads to the executable file itself as well or simply create a file that looks like a self-extracting archive, or, and this is without doubt another important argument, run any files included in the archive on the target machine automatically.
WinRAR self-extracting archives can be configured to run run files without user interaction which is even easier than having to add specially crafted HTML to the text component of the self-extracting archive.
Basically, what the folks at WinRAR are saying is that it makes no sense to limit the HTML capabilities of the program as there are simpler means to run malicious code on user systems.
The take away for users is that executable files can be harmful when they are run on machines. There are several ways to improve safety when it comes to running untrusted executable files on Windows PCs, for instance by using Sandboxie, a sandboxing program, or running these files in a virtual environment.
Now You: How do you handle untrusted files on Windows?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.