A researcher has found a way to exploit popular archival utility WinRAR to remotely execute malicious code on users' computers, without any interaction being required.
Iranian researcher Mohammad Reza Espargham found that it was possible to use WinRAR SFX 2.51 to add malicious payloads that would execute when users decompress archives.
A specially crafted hyper text mark-up language (HTML) text file that is parsed and which attempts to download and run potentially malicious code can be included in WinRAR SFX archives, Espargham noted.
The researcher suggested secure parsing of the text file, and encoding of the URL value parameter in the outgoing module HTTP GET request, as ways to protect against the flaw.
Espargham gave the flaw a common vulnerabilities scoring system rating of 9.2, with 10 being the highest. WinRAR has around 500 million users worldwide.
WinRAR developer RARlab confirmed that it is possible to create SFX archives with a specially crafted HTML file that can download and execute malicious code on users computers, but insisted that this is not a flaw or vulnerability in the application.
"Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source.
"WinRAR self-extracting (SFX) archives are not less or more dangerous than other .exe files," the company argued.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
