A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.
How does an unchecked buffer overrun result in dropping to a shell inside the containing process though?
I’m not super clear on that, and I’m eager to have someone inform/correct me, but here’s my understanding:
It’s like a crash. The running program tells the system to address memory that is not available to be addressed, and the system goes “Uh, what?” and drops into a state where it has stopped following the code from the initial thread (which I am sure is not the right terminology) and waits blankly for new code to be received.
Then the still running-but-“hung” process delivers that “arbitrary code,” and the system dutifully executes it.
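As an added illustration of the mechanism the question above asks about (this is example code, not from the article or from either commenter): on a typical stack the fixed-size local buffer sits directly below the saved return address, so an unchecked copy that runs past the end of the buffer overwrites that address, and when the function executes its `ret` the CPU jumps wherever the attacker wrote. The program below models that frame as a plain byte array so the overwrite is ordinary copying rather than undefined behaviour, and `spawn_shell` only sets a flag where a real payload would call `system("/bin/sh")` or injected shellcode. `BUF_SIZE`, `run_frame`, `build_payload` and `exploit` are hypothetical names chosen for the example; real frames also hold a saved frame pointer and, with stack protectors enabled, a canary, both omitted here.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Added illustration of a stack buffer overrun; not the article's or the
 * commenters' code. The "frame" is simulated: BUF_SIZE bytes of local buffer
 * followed immediately by the saved return address, just as on a real stack. */

#define BUF_SIZE 16

typedef void (*ret_t)(void);

/* Hypothetical attacker goal: a function the program never calls on purpose.
 * In a real exploit this would be system("/bin/sh") or injected shellcode. */
static int shell_spawned = 0;
static void spawn_shell(void) { shell_spawned = 1; }

/* Where control is supposed to go when the vulnerable function returns. */
static int returned_normally = 0;
static void legit_caller(void) { returned_normally = 1; }

/* Simulated vulnerable function. Returns the address that "ret" will jump to
 * after the copy, i.e. whatever now occupies the saved-return-address slot. */
static ret_t run_frame(const unsigned char *input, size_t len, int checked) {
    unsigned char frame[BUF_SIZE + sizeof(ret_t)];   /* buffer + return slot */
    ret_t saved = legit_caller;
    memcpy(frame + BUF_SIZE, &saved, sizeof saved);  /* "call" pushed this */

    if (checked && len > BUF_SIZE)                   /* the missing bounds check */
        len = BUF_SIZE;
    memcpy(frame, input, len);                       /* strcpy/memcpy-style copy */

    memcpy(&saved, frame + BUF_SIZE, sizeof saved);  /* "ret" pops this slot */
    return saved;
}

/* Malicious input: filler to fill the buffer, then the target address laid
 * over the saved return address. Constructed here; no external data. */
static size_t build_payload(unsigned char *out, size_t cap, ret_t target) {
    size_t n = BUF_SIZE + sizeof target;
    if (cap < n) return 0;
    memset(out, 'A', BUF_SIZE);
    memcpy(out + BUF_SIZE, &target, sizeof target);
    return n;
}

/* Runs the frame with the attacker's input. Returns 1 if control was
 * hijacked into spawn_shell, 0 if it returned to the legitimate caller. */
int exploit(int checked) {
    unsigned char payload[64];
    size_t n = build_payload(payload, sizeof payload, spawn_shell);
    shell_spawned = returned_normally = 0;
    ret_t target = run_frame(payload, n, checked);
    target();                                        /* the simulated "ret" */
    return shell_spawned ? 1 : (returned_normally ? 0 : -1);
}

int main(void) {
    printf("unchecked copy:      hijacked = %d\n", exploit(0));
    printf("bounds-checked copy: hijacked = %d\n", exploit(1));
    return 0;
}
```

With the length check skipped, the 24-byte input overwrites the 8-byte slot after the buffer and the "return" lands in `spawn_shell`; with the check in place the copy stops at 16 bytes, the slot is untouched and control goes back to `legit_caller`. Nothing here waits for new code to arrive: the target was already in the input, and the CPU simply follows the corrupted return address. On a real system, ASLR, non-executable stacks and stack canaries are what stand between this overwrite and a working exploit.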