Just about everybody who’s owned a computer in the last few decades has used WinRAR, the ultra-popular file compression and extraction software. More than 500 million users worldwide use WinRAR for archival. Almost none of those people have paid the $29 it costs to use the software after its trial period has ended. Because I hate nag screens and don’t like pirating software, I switched to free alternatives years ago, but if you’re still running any version of WinRAR, it’s best to update it immediately to the latest version, WinRAR version 5.70 beta 1.
There appears to be a remote code execution vulnerability in WinRAR that's existed for the last 19 years. According to the researchers at Check Point Security, an attacker could easily gain full control over a computer just by getting the victim to extract a dodgy archive.
It's all because of a third-party library called UNACEV2.DLL, which WinRAR uses to extract archives in the ACE compression format. The library has no security checks and allows code to be executed on extraction. Because WinRAR identifies archives by their content rather than their extension, a dodgy ACE file can be renamed with a .rar extension and crafted so that extraction triggers no message boxes or other user interaction. The exploit relies on a path traversal vulnerability that lets the archive extract files to an arbitrary path, including the Windows Startup folder.
Here’s a proof-of-concept demonstration
In response, WinRAR has dropped support for ACE files in the latest version of the software to protect its users from potential risk. You can grab WinRAR 5.70 beta 1 here.
Last Updated: February 21, 2019