Why you should not open RAR files


#1

RAR or any other archive format like ZIP for that matter …

As a general rule

DO NOT OPEN FILES RECEIVED FROM PEOPLE YOU DON’T KNOW

If you do post on this forum with links to rar/zip/whatever files
I will come, remove the link and give you a warning
and if you continue I will consider you as a threat against the users of this forum and ban you

Why?

Here's why:

Computer World - Critical flaw puts 500 million WinRAR users at risk of being pwned by unzipping a file

A critical remote code execution flaw in WinRAR could put 500 million users at risk of having their computers compromised if they simply open an infected zipped file, but the company behind WinRAR basically blew off the vulnerability.
SEP 30, 2015 7:56 AM PT

SecList - WinRAR SFX v5.21 - Remote Code Execution Vulnerability

A remote code execution vulnerability has been discovered in the official WinRAR SFX v5.21 software.
The vulnerability allows remote attackers to execute system-specific code without authorization to compromise a target system.
Mon, 28 Sep 2015 10:23:26 +0200

Blog - 7-Zip: Multiple Memory Corruptions via RAR and ZIP

In my previous posts about the two Bitdefender bugs related to 7z, I explicitly mentioned that Igor Pavlov’s 7-Zip reference implementation was not affected. Unfortunately, I cannot do the same for the bugs described in this blog post.

I found these bugs in a prominent antivirus product and then realized that 7-Zip itself was affected. As the antivirus vendor has not yet published a patch, I will add the name of the affected product in an update to this post as soon as this happens. Since Igor Pavlov has already published a patched version of 7-Zip and exploitation is likely to be easier for 7-Zip, I figured it would be best to publish this post as soon as possible.

January 23, 2018

The Register - They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender

Rar! That’s a scary bug

A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.

The bug, CVE-2018-0986, was patched on Tuesday in the latest version of the Microsoft Malware Protection Engine (1.1.14700.5) in Windows Defender, Security Essentials, Exchange Server, Forefront Endpoint Protection, and Intune Endpoint Protection. This update should be installed, or may have been automatically installed already on your device.

The vulnerability can be leveraged by an attacker to achieve remote code execution on a victim’s machine simply by getting the mark to download – via a webpage or email or similar – a specially crafted .rar file while the anti-malware engine’s scanning feature is on. In many cases, this analysis is set to happen automatically.

4 Apr 2018 at 21:37

Blog - 7-Zip: From Uninitialized Memory to Remote Code Execution

After my previous post on the 7-Zip bugs CVE-2017-17969 and CVE-2018-5996, I continued to spend time on analyzing antivirus software. As it happens, I found a new bug that (as the last two bugs) turned out to affect 7-Zip as well. Since the antivirus vendor has not yet published a patch, I will add the name of the affected product in an update to this post as soon as this happens.

May 1, 2018

Blog - F-Secure Anti-Virus: Remote Code Execution via Solid RAR Unpacking

As I briefly mentioned in my last two posts about the 7-Zip bugs CVE-2017-17969, CVE-2018-5996, and CVE-2018-10115, the products of at least one antivirus vendor were affected by those bugs. Now that all patches have been rolled out, I can finally make the vendor’s name public: It is F-Secure with all of its Windows-based endpoint protection products (including consumer products such as F-Secure Anti-Virus as well as corporate products such as F-Secure Server Security).

June 5, 2018

etc…


There's always gonna be one way or another that some specific files can be exploited and specially crafted, so that by just opening a file you end up getting some virus/malware and other nasty shit

whether you have an antivirus software, whether the file is hosted on google docs, whatever …
it does not make you safe

also, to just show source code to someone else, this is ultimately stupid and lazy

  • you can perfectly insert and format tons of code in this forum by using the markdown notation
    • simply use 3 backticks `
    • go to a new line
    • write or copy/paste the code
    • go to a new line
    • and use 3 backticks ` again
    • see Markdown Reference

Here is a small example

```actionscript
package something
{
    public class SomeClass
    {
        public var abc:int;
        public var def:String;

        public function SomeClass()
        {
            trace( "this is actionscript" );
        }
    }
}
```

There are no excuses, period.

If you want to post code on this forum you either learn the markdown syntax to do it or you create a pastebin or you create a github gist, or anything online that is equivalent to that

you DO NOT post a link to a rar file or a zip file or any other kind of archive format
you ABSOLUTELY DO NOT post a link to any kind of executable file



Here is the full Markdown Reference

