WinRAR is one of the most popular file compression and extraction tools out there, so it might be a little worrying to find out that it's been affected by a security vulnerability for the last 19 years. However, that seems to be the case, as Check Point Research investigator Nadav Grossman recently discovered a flaw that allowed an attacker to secretly extract malicious files into the startup folder of Windows 10.
The vulnerability, demonstrated in the video below, is linked to a flaw in the old ACE file format, which lets archived files do just that. The ACE format is very old and hasn't been updated in years - the only tool capable of compressing files in that format is WinACE, and the latest version available is from 2007. Nonetheless, an attacker could create an ACE file and rename it to have a RAR extension. Then, if a user extracted it, specifically using the extraction options in the Windows context menu, a malicious file could secretly be placed in the startup folder.
WinRAR claims to have over 500 million users worldwide, so there's a good chance that this vulnerability has been exploited at some point. The team behind WinRAR was informed of the vulnerability and swiftly responded by removing support for ACE files altogether. Given how old and irrelevant the format is at this point, it's somewhat surprising that this didn't happen sooner, but at least you won't have to worry about it anymore.
The fix has been implemented in version 5.70, which is still in beta testing. You can find it on the downloads page for the tool.
Source: Check Point Research via The Verge