In a March 19th 2019 article at techxplore.com, Nancy Cohen reports
on how Window's users who use the third party WinRAR archive utility
but who are not yet using the latest version 5.7 update are potentially
vulnerable to "booby trapped" malicious archive files.
Quote:
|
Originally Posted by Nancy Cohen, TechExplore
"The absolute path traversal made it possible for archive files to extract to the Windows startup folder (or any other folder of the archive creator's choosing) without generating a warning," said Dan Goodin in Ars Technica. "From there, malicious payloads would automatically be run the next time the computer rebooted."
McAfee, meanwhile, said they identified over 100 unique exploits. And they are still in counting mode.
|
Story here :-
https://techxplore.com/news/2019-03-...unpatched.html