Slashdot Mirror

← Back to Stories (view on slashdot.org)

500 Million Users At Risk of Compromise Via Unpatched WinRAR Bug

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes: A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine on which the software is installed. "The issue is located in the 'Text and Icon' function of the 'Text to display in SFX window' module," Vulnerability Lab explained in a post on on the Full Disclosure mailing list. "Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise."

3 of 129 comments (clear)

  1. Click-bait BS by pegr · · Score: 5, Insightful

    So a self-extracting RAR can be rigged to exploit your machine. A self-extracting RAR is an executable. So a executable from an untrusted source can exploit your box. Wake me when you have a real vulnerability.

    Oh, and samzenpus, that was the most clickbait bullshit Slashdot headline in months. You should be horsewhipped.

  2. Re:WinRAR by mrchaotica · · Score: 5, Informative

    On the contrary; WinRAR sucks because it isn't open source. Instead, it's proprietary, spammy nag-ware.

    7Zip, the actual open source competitor to WinRAR, is much better.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  3. Re:Huh? by gstoddart · · Score: 5, Funny

    You open first link, and you view the youtube video

    No way, opening links and viewing youtube videos is how you get exploited in the first place ... and it's sinful and could lead to dancing.

    --
    Lost at C:>. Found at C.