Full Disclosure mailing list archives

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability


From: Fernando Mercês <nandu88 () gmail com>
Date: Sun, 18 Oct 2015 08:38:06 -0200

RarLab answer: http://www.rarlab.com/vuln_sfx_html.htm

I don't think the work is useless... You probably learnt a lot writing this
guide and PoC code, but in fact an EXE can be manipulated in many ways to
run smaller pieces of code. There is no need to find a bug to do that. ;)


Att,

Fernando Mercês
mentebinaria.com.br <http://www.mentebinaria.com.br>
---------------------------

On Wed, Oct 7, 2015 at 3:16 PM, Shawn McMahon <syberghost () gmail com> wrote:

On Mon, Oct 5, 2015 at 8:16 AM, Stefan Kanthak <stefan.kanthak () nexgo de>
wrote:


That's why giving unsuspecting users *.EXE to install a software package
or to unpack an archive and thus training them to run almost anything
they get their hands on is a BLOODY STUPID idea in the first place.

ALWAYS use the platform's native package or archive formats to distribute
your software or files!


Perhaps it's my ignorance talking, but I just don't see how:

"Run this EXE that might contain bad stuff" is worse than:

"Install this .msi as Admin that might contain bad stuff" or "install this
RPM as root that might contain bad stuff" or "install this .pkg as root
that might contain bad stuff."

The vulnerability is installing things when you don't know what they are or
where they came from, not the particular form in which they're packaged. If
it's got a GUI, clicking on its packages is going to prompt you to escalate
privileges and install them.

If I'm missing something, drop some knowledge on me and I'll install it.
Even if it's not signed. :)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

