Security1.10.2015

Critical vulnerability in WinRAR exposed

By Staff Writer

An independent vulnerability laboratory researcher has discovered a code execution vulnerability in WinRAR software.

The vulnerability allows remote attackers to execute system-specific code to compromise a target system.

The issue is located in the ‘Text and Icon’ function of the ‘Text to display in SFX window’ module.

Remote attackers are able to generate their own compressed archives with malicious payloads to execute system-specific codes.

The security risk of the code execution vulnerability is estimated as critical, with a CVSS (common vulnerability scoring system) count of 9.2.

The video below shows a proof of concept on how the vulnerability can be exploited.

More on security

A new DDoS Reflection Attack: Portmapper

Large DDoS attacks often use SYN and UDP vectors

Massive increase in DDoS attacks

Show comments

Forum discussion

Critical vulnerability in WinRAR exposed

More on security

Latest news

South Africa’s oldest institution collapsing in front of everyone’s eyes

These spam callers are breaking the law in South Africa

Plan for government-run petrol stations in South Africa

Capitec is changing the way South Africans grow their wealth

Strange development in battle over future of Internet in Africa

Major South African city cracking down on illegal electricity

Buy One, Spoil One – 50% OFF the 2nd Guest

New cars cheaper than the price of South Africa’s most expensive laptop

Huawei launches new premium tablet and wireless earbuds

More news

Customs seizes 30,600 counterfeit DStv goods

Prominent Internet provider back online after week-long outage

Warning to people buying and selling illegal prepaid electricity in South Africa

Online homeschooling in South Africa: A modern solution for modern families

Huge deal for Cell C

The company dominating hybrid car sales in South Africa

PrimeXBT named most innovative trading platform in South Africa

Delivery bike chaos — riders arrested and bikes confiscated

Netflix quietly increases prices in South Africa

Trending news

Surprising new information about South Africa’s Bitcoin Brothers

Huawei unveils its smartest watch ever — with a one-of-a-kind health feature

Eskom load-shedding update

Do a code audit on your software – and save time and money

Huawei launches smartwatches with 10-day battery life from R99 per month

Highest-paying programming languages in South Africa

Aspire to be more: Why mid-year is the perfect time to start your study journey

Watch out for these speed traps in South Africa

South Africa’s top smartphone brands

Industry News

How Host Africa migrated 10,000 customers – and grew to 100,000

Ambitious Academy’s VEST course – Learn professional video content creation in two weeks

Miway leads with value – introducing a two-year cashback reward

Empowering Seamless Retail: How Metacom’s ICT Solutions Drive Gelmar’s Success

PluxNet Fibre – South Africa’s community-focused fibre provider

Poll