Latest WinRAR Vulnerability has Yet to be Patched: https://blog.malwarebytes.org/security-threat/2015/09/latest-winrar-vulnerability-has-yet-to-be-patched/
POC: http://seclists.org/fulldisclosure/2015/Sep/106
Be extra careful when you receive SFX archives (.exe extension) because not only the compressed file could be dangerous, there can also be malicious code in the shell that gets triggered when you open the archive
right on and thank u for the heads up!! I do a lot of music :)
would not want some bad ass sheat hitten my pc
Looking at the reaction of RARlab they will be in no hurry to fix this issue
http://www.v3.co.uk/v3-uk/news/2428326/winrar-critical-flaw-leaves-millions-open-to-compressed-file-attacks
QuoteExecutable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR SFX archives are not less or more dangerous than other exe files,
Fails to see that if a file does what you expect it to do, you may fail to notice that it does something else as well.
That certainly is a blaze attitude.
October 7, 2015 | BY Adam Kujawa
QuoteHey Folks,
We here at Malwarebytes take pride in our ability to find the latest threats that users face on daily basis and do our best to not only block and remove them with our products but also inform the general public about their danger through our blog.
In a very few cases, we jump the gun in our efforts to explain a threat and end up posting information that hasn’t been thoroughly analyzed.
This is one of those cases.
We want to offer our most sincere apologies to WinRAR for any harm done by our reporting on a post first seen through the Full-Disclosure mailing list, we simply echoed the original reporting.
https://blog.malwarebytes.org/news/2015/10/redaction-winrar-vulnerability/ (https://blog.malwarebytes.org/news/2015/10/redaction-winrar-vulnerability/)