With this proof-of-concept code, a user is highly exposed to attack from outside. An attacker could exploit the HTML instruction view in the installer to write any malicious code to a computer that opens the SFX file. This executable can later be run on the user’s system without their knowledge.
The flaw has been confirmed by Malwarebytes as well, and WinRAR SFX v5.21 users are advised to be careful with random compressed SFX files.
WinRAR has confirmed the report, saying, “Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other .exe files.”
This is a serious flaw, and hackers could target thousands of users or more if the bug is not fixed soon. Moreover, it is very difficult to scrutinise the executable part for its authenticity.
WinRAR, by the looks of its reply, doesn’t seem bothered by the vulnerability and advises users to place putty.exe into a RAR SFX archive and add the following commands to the archive comment:
Setup=putty.exe
Silent
Overwrite
Path=puttyfolder
Check WinRAR lab for more information.
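
For triage, the check below (an added example, not code from WinRAR or the original report) parses an SFX archive comment and flags the behaviours this article describes: a program launched after extraction, suppressed dialogs, and HTML in the Text block. It assumes the comment text has already been extracted from the archive; the function names and the sample are constructed for illustration.

```python
import re

# Added example. Handles the commands quoted on the page plus Presetup and Text.
RUNS_PROGRAM = {"setup", "presetup"}
HTML_HINT = re.compile(r"<\s*(html|script|iframe|object|meta|a\s|img\s)", re.I)

# Constructed sample: the four commands from the page, one per line.
SAMPLE = ";constructed sample\nSetup=putty.exe\nSilent\nOverwrite\nPath=puttyfolder\n"


def parse_sfx_comment(comment):
    """Split an SFX script into (name, value) commands and the Text body."""
    commands, text_lines, in_block = [], [], False
    for raw in comment.splitlines():
        line = raw.strip()
        if in_block:                       # inside Text { ... }
            if line == "}":
                in_block = False
            elif line != "{":
                text_lines.append(line)
        elif line and not line.startswith(";"):   # skip blanks and ; comments
            name, _, value = line.partition("=")
            name = name.strip().lower()
            if name == "text" and not value:
                in_block = True
            elif name == "text":
                text_lines.append(value)
            else:
                commands.append((name, value.strip()))
    return commands, "\n".join(text_lines)


def triage(comment):
    """Return the reasons this SFX script deserves a closer look."""
    commands, text = parse_sfx_comment(comment)
    values = dict(commands)
    findings = [f"runs '{v}' after extraction ({n})"
                for n, v in commands if n in RUNS_PROGRAM]
    if "silent" in values:
        findings.append("skips the start dialog (silent)")
    if values.get("overwrite") in ("", "1"):   # bare Overwrite means overwrite all
        findings.append("overwrites existing files without asking")
    if "silent" in values and values.keys() & RUNS_PROGRAM:
        findings.append("program launch with no prompt shown to the user")
    if HTML_HINT.search(text):
        findings.append("Text block contains HTML markup")
    return findings


if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("-", reason)
```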