A remote code execution (RCE) flaw has been found in the WinRAR software for Windows by researchers at Check Point. The technical details of the vulnerability have been publicly disclosed, and it affects all versions of the software released in the last 19 years.
The vulnerability is in an old third-party library called UNACEV2.DLL, which WinRAR uses to extract files compressed in the ACE file format.
Since WinRAR detects the format of a file by its content and not by its extension, attackers can change the .ace extension to .rar. The researchers found an “Absolute Path Traversal” flaw in the library which could be used to execute arbitrary code on a system.
The vulnerability allows hackers to extract compressed files to a folder of their choice, which gives them an opportunity to drop malware into the Windows Startup folder. All an attacker needs to do is convince a victim to open the archive file using WinRAR.
The WinRAR team lost the source code of the UNACEV2.dll library back in 2005. To fix the issue, they decided to drop UNACEV2.dll and released WinRAR version 5.70 beta 1, which no longer supports the ACE format.
If you are using Windows, you are strongly advised to install the latest version of WinRAR and to avoid opening files received from unknown sources.