Flaw fixed with the latest beta version released this week

Feb 22, 2019 06:55 GMT

The most recent beta version of WinRAR resolves a vulnerability that has been around for no less than 19 years, potentially putting all users of the application at risk.

WinRAR, which is currently the top compression tool on the market, comes with a security bug that lets attackers hide malicious files in archives; when extracted, those files are added to the startup folder for persistence.

Discovered by Check Point Software Technologies, the vulnerability resides in the handling of the ACE archive format, which relies on a library last updated in 2005. According to the research, an attacker can create an ACE file and then rename it with the RAR extension.

When extracting files, a malicious item included in the archive can be automatically added to the startup folder, so attackers can obtain persistence and make sure it runs every time the computer boots.

In some cases, malware can be detected by antivirus software, but at the same time, attackers can employ simple applications that are then used to gain access to the device and drop other malicious payloads.
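Because an ACE archive can be renamed with a RAR extension, as described above, file names alone will not reveal ACE files. The following added example (not code from Check Point or RAR Labs) sweeps a directory and flags files whose header carries the ACE signature under any other extension; the function names and sample files are constructed for illustration, and only the standard header position is checked.

```python
import os
import tempfile
from pathlib import Path

ACE_MAGIC = b"**ACE**"       # ACE main-header signature
ACE_MAGIC_OFFSET = 7         # after CRC16 (2), header size (2), type (1), flags (2)
RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of the RAR 4.x and 5.x signatures


def sniff_format(path):
    """Return 'ace', 'rar' or 'unknown' from the leading bytes, ignoring the name."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    if head[ACE_MAGIC_OFFSET:ACE_MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        return "ace"
    if head.startswith(RAR_MAGIC):
        return "rar"
    return "unknown"


def find_disguised_ace(root):
    """List files under root whose content is ACE but whose extension is not .ace."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if p.suffix.lower() != ".ace" and sniff_format(p) == "ace":
                    hits.append(p)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
    return sorted(hits)


def build_samples(root):
    """Constructed sample files: header bytes only, not valid archives."""
    ace_head = b"\x00\x00\x31\x00\x00\x00\x90" + ACE_MAGIC + b"\x14\x14\x02"
    rar_head = RAR_MAGIC + b"\x00" + b"\x00" * 16
    (Path(root) / "invoice.rar").write_bytes(ace_head)  # ACE content, .rar name
    (Path(root) / "backup.rar").write_bytes(rar_head)   # genuine RAR signature
    (Path(root) / "old.ace").write_bytes(ace_head)      # honestly named ACE
    (Path(root) / "notes.txt").write_bytes(b"hi")       # shorter than the offset


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for hit in find_disguised_ace(tmp):
            print("ACE content under non-.ace name:", hit.name)
```

Run against a download or mail-attachment directory, the sweep gives a list of candidates to quarantine on hosts that have not yet moved to a WinRAR build without ACE support.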

Fix available in the latest beta

The vulnerability has been patched in the latest betas of WinRAR by removing support for the ACE file format entirely.

“Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library. Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives,” RAR Labs explains in the release notes of the new version.

“WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users.”

It’s not known how many users may have been impacted by the vulnerability, but given WinRAR is the leading file compression tool, the risks have obviously been huge. At this point, there are no specifics as to when the fix could be released in the stable version of WinRAR.