WinRAR: disclosed self-extracting archive vulnerability is none

A security vulnerability found in the latest version of popular compression program WinRAR puts users of the software program at risk according to security researcher Mohammad Reza Espargham.

Attackers can exploit the vulnerability to execute code remotely on target machines requiring little user input in the process.

The vulnerability takes advantage of WinRAR’s self-extracting archives capability. This feature enables you to create archives that extract when they are executed so that compression software such as WinRAR is not required on the system the contents of the archive need to be extracted on.

It offers a convenient way to distribute compressed files, run commands before or after extraction, display license information or text and icons to the user extracting the contents.

mod apk

And it is this text and icons feature that attackers can exploit to run code remotely on the system. This is done by adding specially crafted HTML code to the text part which in turn will executed code on the target system when the user runs the self-extracting archive on the system.

winrar self extracting

Successful exploits enable attackers to run code on target systems, for instance to create new user accounts, install software or manipulate system settings.

WinRAR’s response suggests that the reported vulnerability is in fact none. The main reason for the statement is that self-extracting archives are executable files which end users need to run on their system.

Attackers could add payloads to the executable file itself as well or simply create a file that looks like a self-extracting archive, or, and this is without doubt another important argument, run any files included in the archive on the target machine automatically.

WinRAR self-extracting archives can be configured to run run files without user interaction which is even easier than having to add specially crafted HTML to the text component of the self-extracting archive.

Basically, what the folks at WinRAR are saying is that it makes no sense to limit the HTML capabilities of the program as there are simpler means to run malicious code on user systems.

The take away for users is that executable files can be harmful when they are run on machines. There are several ways to improve safety when it comes to running untrusted executable files on Windows PCs, for instance by using Sandboxie, a sandboxing program, or running these files in a virtual environment.

Now You: How do you handle untrusted files on Windows?


Article Name

WinRAR: disclosed self-extracting archive vulnerability is none


Martin Brinkmann


A recently discovered vulnerability in WinRAR puts users at risk by allowing attackers to execute code on target machines.

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook, Twitter or Google+

You are here: Home > Security > WinRAR: disclosed self-extracting archive vulnerability is none

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at