Where appropriate, SFX archive displays the additional line with detailed error information provided by operating system.
We would like to express our gratitude to Igor Sak-Sakovskiy for bringing this issue to our attention. Some other factors are also involved in limiting the practical application of this attack. Such attack is only possible if the intruder has managed to spoof or otherwise control user's DNS records. This is done to prevent a malicious web page from executing existing files on a user's computer. It also implements additional checks within the web notifier.
WinRAR uses https instead of http in the web notifier window, home page and themes links.
We are thankful to Jacob Thompson - Mandiant Advantage Labs for reporting this issue. We already prohibited extracting contents of such malformed archives in WinRAR 6.01. It is done to prevent possible attacks with inclusion of ZIP archive into the signature body.
ZIP SFX module refuses to process SFX commands stored in archive comment if such comment is resided after beginning of Authenticode digital signature.
Authenticity information may be added for additional security and RAR will store information on the last update and name of the archive. Even physically damaged archives may be repaired and an archive may be locked to prevent further changes.
RAR offers a number of service functions, such as setting a password, adding archive and file comments.
RAR offers the ability to create a multi-volume archive as SFX.
RAR offers the ability to create and change SFX archives using default and external SFX modules.
RAR provides functionality for creating a 'solid' archive, which can raise the compression ratio by 10% - 50% over more common methods, particularly when packing large numbers of small files.
RAR offers an optional compression algorithm highly optimized for multimedia data.
It allows higher compression ratios than other PC archiving tools, especially on executable files, object libraries, large text files, etc.
RAR introduces an original compression algorithm.
The archive is usually a regular file, which name has a ".rar" suffix.
0 kommentar(er)
