Slashdot Mirror

← Back to Stories (view on slashdot.org)

500 Million Users At Risk of Compromise Via Unpatched WinRAR Bug

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes: A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed. "The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module," Vulnerability Lab explained in a post on on the Full Disclosure mailing list. "Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise."

1 of 129 comments (clear)

  1. Re:WinRAR by mrchaotica · · Score: 5, Informative

    On the contrary; WinRAR sucks because it isn't open source. Instead, it's proprietary, spammy nag-ware.

    7Zip, the actual open source competitor to WinRAR, is much better.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz