A big vulnerability has been found in the most known archive program "Winrar", this vulnerability allows an attacker to spoof the file name of a malicious executable to any other file formats and opening it will results in the execution of the original executable.
This vulnerability can be used by changing file extension in two levels, the first level, the extension of the archived file will be changed by changing the archive hex, so now at this level, "Winrar" will display the file as your desired extension (.jpg, .jpeg, .png, .mp3, ....), the second level will be left as it is.
So by doing this, the "Winrar" will show the file by your desired extension, but the core of the file is a virus (or a server).
And you can watch this video which is explaining the vulnerability, and showing how to use it:
Just to keep in mind that this vulnerability has been tested the version 4.02 and the only patch of it is to use the latest version on the program (Winrar)
This vulnerability can be used by changing file extension in two levels, the first level, the extension of the archived file will be changed by changing the archive hex, so now at this level, "Winrar" will display the file as your desired extension (.jpg, .jpeg, .png, .mp3, ....), the second level will be left as it is.
So by doing this, the "Winrar" will show the file by your desired extension, but the core of the file is a virus (or a server).
And you can watch this video which is explaining the vulnerability, and showing how to use it:
Just to keep in mind that this vulnerability has been tested the version 4.02 and the only patch of it is to use the latest version on the program (Winrar)
0 comments:
Post a Comment