Published:2015/12/17  Last Updated:2015/12/17

WinRAR may insecurely load executable files


WinRAR may use unsafe methods for determining how to load executables (.exe)

Products Affected

  • WinRAR 5.30 beta 4 (32 bit) and earlier
  • WinRAR 5.30 beta 4 (64 bit) and earlier


WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file.

WinRAR also contains a function where registry settings can be saved and registry settings can be recovered from files. If the folder displayed on screen contains an executable file, such as REGEDIT.BAT, when attempting to save or recover registry settings, REGEDIT.BAT is executed instead of the Windows registry editor (regedit.exe).


If an attacker convinces a user to open a file without an extension through WinRAR, a file with the same name with a file extension in the same folder will be executed with the privileges of WinRAR.

If an attacker places an executable file, such as REGEDIT.BAT into a folder that is being displayed through WinRAR, when the user saves or restores WinRAR settings, REGEDIT.BAT will be executed with the privileges of WinRAR instead of the Windows registry editor (regedit.exe).


Update the Software
This vulnerability has been addressed in WinRAR 5.30 beta 5.
Update to the latest version according to the information provided by the developer.


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Base Score: 7.8
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
Base Score: 5.1
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)


Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2015-5663
JVN iPedia JVNDB-2015-000199