• Zero day, Remote Code Execution vulnerability found in stable version of WinRAR
    42 replies, posted
[QUOTE=Map in a box;48797584]does that thinkpad have malware on it[/QUOTE] of course it has its a lenovo don't ask such stupid questions.
[QUOTE=zeromancer;48797932]of course it has its a lenovo don't ask such stupid questions.[/QUOTE] Actually it isn't a Lenovo. They didn't own the Thinkpad brand at that time.
[QUOTE=Levelog;48797963]Actually it isn't a Lenovo. They didn't own the Thinkpad brand at that time.[/QUOTE] joke absolutely ruined good job
Winrar got a lot better for me when I realised I can just mash escape to close the popup each time instead of clicking on the x those seconds saved add up
I use [URL=http://www.peazip.org/]PeaZip[/URL] myself, something free that is still being maintained. Also has a fine looking UI that fits post-WinXP.
Look it doesn't matter what you use. The vulnerability is packed into the Self-Extracting executable. You know, the one that's built so the end user doesn't need WinRAR installed to extract files. Run a payloaded SFX and it'll run this code - unless as stated by FluD, you've disabled vbscript.
[QUOTE=subenji99;48800244]Look it doesn't matter what you use. The vulnerability is packed into the Self-Extracting executable. You know, the one that's built so the end user doesn't need WinRAR installed to extract files. Run a payloaded SFX and it'll run this code - unless as stated by FluD, you've disabled vbscript.[/QUOTE] its an _executable_ they don't need to use winrar for this exploit they could just use a virus with the winrar icon
well then you tell me why everyone decided to turn this thread into "what unpacker do you use" rather than actually focus on the risk
I've tried to switch to 7-zip several times. But I always quickly run into an issue where trying to open a file directly from an archive will just fail. It only works when it wants to. Extracting to a folder works perfectly, but I don't always want to do that. WinRAR has never failed me on this. This is literally the only reason I still use WinRAR.
[QUOTE=subenji99;48800371]well then you tell me why everyone decided to turn this thread into "what unpacker do you use" rather than actually focus on the risk[/QUOTE] This isn't really this first time this happens in SH. Besides, this topic is not really that big as if it would end in more then 10 pages. There is simply not so much to discuss.
[QUOTE=Jcw87;48800499]I've tried to switch to 7-zip several times. But I always quickly run into an issue where trying to open a file directly from an archive will just fail. It only works when it wants to. Extracting to a folder works perfectly, but I don't always want to do that. WinRAR has never failed me on this. This is literally the only reason I still use WinRAR.[/QUOTE] If you go into detail I might be able to help
Sorry, you need to Log In to post a reply to this thread.