The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system, he said.
The existence of the serious vulnerability in the said tool has also been independently confirmed by Security firm MalwareBytes.
The attackers saved in the SFX archive input the malicious generated html code.
Further, Mr Espargham stated, it is necessary that you restrict the input and avoid using special characters.
Filtering the input to block further client-side cross site scripting attacks, is also suggested.
If the affected file is open, the malware could compromise the gear or internet.
However, the team behind WinRAR downplayed the severity.
Instead of using the SFX archive, it would be as easy for attackers to bundle a malicious executable.
source: www.techworm.net
