A 19-Year-Old Bug in WinRAR

By

Popular Windows archive tool is vulnerable to attack.

WinRAR is one of the most popular archive manager software in the Windows world -- a Swiss knife that handles compression and extraction of multiple archive formats, including RAR and ZIP.

According to HackerNews, there are more than 500 million WinRAR users in the world, and all these users are now at risk of compromise. A 19-year-old bug was discovered in WinRAR that allows hackers to execute arbitrary code on a targeted system. The bug called "Absolute Path Traversal" bug (CVE-2018-20250) is found in a UNACEV2.DLL, a third-party library. It allows attackers to extract a compressed executable file from the ACE archive, which automatically runs in the Windows machine upon reboot.

A proof of concept exploit code has already been published, and hackers are already using it to attack Windows users. WinRAR has already released an update, which Windows users should  install immediately.

HackerNews reported that the WinRAR team had lost the access to the source code for the vulnerable UNACEV2.DLL library in 2005; instead of fixing the issue, the team released WINRar version 5.70 beta 1, which doesn't support the DLL and ACE format. This fix addressed the bug, but at the same time it removed all ACE support from WinRAR.

The discovery of the WinRAR bug underscores an important rule that all users should apply to their everyday life: don’t click on any files that you don’t know.

02/26/2019

Related content

comments powered by Disqus