Versions of WinRAR released in the last 19 years have been affected by serious security defects More than 500 million at – risk WinRAR users. Users recommended that WinRAR be updated as soon as possible.
WinRAR, one of the most popular applications for compression of Windows files in the world, patched a serious security flaw last month that can be abused to hijack users ‘ systems just by tricking a WinRAR user to open a malicious archive.
The vulnerability discovered by Check Point Software security researchers last year affects all versions of WinRAR released in the last 19 years.
The WinRAR team boasts a user base of more than 500 million users on its website, all of which are most likely affected. The good news for all users of WinRAR is that WinRAR devs released an update last month to fix the problem.
The vulnerability lies in the UNACEV2.DLL library included with all WinRAR versions, according to a Check Point technical write – up that takes a deep dive into the inner workings of WinRAR.
This library is responsible for the unpacking of ACE archives. Check Point researchers found a way to build malicious ACE archives that used coding faults in this library when decompressed to plant malicious files outside the intended destination for decompression.
For example, researchers at Check Point were able to use this vulnerability to plant malware in the Startup folder of a Windows PC, malware that would execute, infect and take over the PC after the next reboot. Below is a demo video of proof – of – concept recorded by the Check Point team.
WinRAR devs released WinRAR 5.70 Beta 1 on January 28, 2018 – 20250, CVE-2018 – 20251, CVE-2018 – 20252, and CVE-2018 – 20253 to address this vulnerability.
Since devs lost access to the source code of the UNACEV2.DLL library around 2005, they decided to completely drop support for ACE archive formats.
Due to the extremely large user base of WinRAR, users should be aware that malware operators are most likely to try to exploit this vulnerability in the coming months and years.
Home users should be careful not to open any ACE archives received via email unless WinRAR has been updated first. Large-scale system administrators should also warn employees to open these files without first updating WinRAR.
Exploit vendors have already shown interest in buying vulnerabilities in file compression utilities last year, offering up to $100,000 in WinRAR, 7-Zip, WinZip (on Windows) or tar (on Linux) for a remote code execution error.
The reason is that these types of apps are installed on corporate or home computers almost always and are an ideal attack surface for hackers or government entities.
