Extracting Code Execution from WinRAR

Channel:
United States Check Point Software
Subscribers:
79,900
Published on ● Video Link: https://www.youtube.com/watch?v=R2qcBWJzHMo


Duration: 0:36
85,333 views
275

In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and puts over 500 million users at risk. For full technical details, please visit Check Point Research http://bit.ly/2IsSnl9



Other Videos By Check Point Software


2019-03-13Policy management with R80 | New from CPX 360
2019-03-13Change management in R80.20 SmartConsole | New from CPX 360
2019-03-13SmartConsole Features you need to start using | New from CPX 360
2019-03-07UltraHack: The Security Risks of Medical IoT
2019-03-042019 Security Report: Survive today's targeted cyber attacks
2019-03-01Thierry Karsenti talks CloudGuard Dome 9 integration | CPX 360 Vienna 2019
2019-03-01Dorit Dor Talks Maestro Hyperscale Network Security | CPX 360 Vienna 2019
2019-02-28Ask US Anything with Dorit Dor and Security Team | CPX 360 2019 Vienna
2019-02-25CPX 360 2019 - Thank You for Attending
2019-02-202019 CPX 360 Summit and Expo in Vienna - Welcome reception party!
2019-02-20Extracting Code Execution from WinRAR
2019-02-20Report: Securing the Cloud, Mobile and IoT
2019-02-202019 CPX 360 Vienna - Cyber Talk Keynotes (Day 2/Part 2)
2019-02-202019 CPX 360 Vienna - Cyber Talk Keynotes (Day 2/Part 1)
2019-02-19Check Point Maestro | Use Cases: Operational Supremacy
2019-02-19Check Point Maestro | Use Cases: Resiliency
2019-02-19Check Point Maestro | Use Cases: Scalability
2019-02-192019 CPX 360 Vienna - Cyber Talk Keynotes (Day 1/Part 3)
2019-02-192019 CPX 360 Vienna - Cyber Talk Keynotes (Day 1/Part 2)
2019-02-192019 CPX 360 Vienna - Cyber Talk Keynotes (Day 1/Part 1)
2019-02-14Mitigate the Latest Container Vulnerability with CloudGuard Dome9


Tags:
WinAFL
WinAFL fuzzer
WinRAR
Check Point
Chekc Point Research
malware
ransomware
cyber attack
cyber security