WinRAR is one of the best tools available for creating, opening and modifying compressed file archives, such as RAR, ZIP, 7zip, ISO and many more. It has been very popular for pretty much all of its existence, but it had a nasty flaw that went unnoticed for a long time.
Check Point Research revealed that there was a problem with how WinRAR handles ACE archives, and crucially, even ACE archives that had a different file extension (e.g. .rar). In a nutshell, a crafted ACE archive, when extracted with WinRAR, could place an executable file in the Windows startup folder, meaning that the OS would run that executable file on the next boot.
This is a serious problem for obvious reasons. Technically, WinRAR had been using a third-party tool to extract ACE archives, and that is where the vulnerability lay. That goes some way to explaining why WinRAR's developers did not notice it until it was pointed out.
To address the issue, WinRAR v5.70 beta 1 does not support opening or handling ACE archives at all. It is worth emphasizing that there is no evidence this flaw was used in any known attacks.
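Because the affected code path was reached by file content rather than by file name, an inventory of ACE archives has to look at the bytes, not the extension. The following is an added example, not code from WinRAR or Check Point: it flags files that carry the ACE signature (`**ACE**` at byte offset 7) and marks those whose extension is not `.ace`. The function names and the sample files are assumptions constructed for the illustration.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"   # ACE signature bytes
ACE_MAGIC_OFFSET = 7     # position of the signature in the archive's main header


def is_ace(path):
    """Return True if the file content carries the ACE signature, whatever its name."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC


def find_ace_archives(root):
    """Walk root; return (path, disguised) per ACE file, disguised = extension is not .ace."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                if is_ace(path):
                    ext = os.path.splitext(name)[1].lower()
                    hits.append((path, ext != ".ace"))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return hits


def build_sample_dir():
    """Create a temp directory of constructed sample files (headers only, no payload)."""
    root = tempfile.mkdtemp()
    ace_header = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16  # constructed
    rar_header = b"Rar!\x1a\x07\x00" + b"\x00" * 16                      # constructed
    samples = {"invoice.rar": ace_header, "real.ace": ace_header, "backup.rar": rar_header, "tiny.rar": b"Rar"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for path, disguised in find_ace_archives(build_sample_dir()):
        print(("DISGUISED " if disguised else "ace       ") + path)
```

The check looks only at the fixed header offset, so a file with data placed in front of the ACE header would not be matched by it.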
Note on the WinRAR Website:
"Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library.
Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives.
WinRAR used this third party library to unpack ACE archives.
UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code.
So we decided to drop ACE archive format support to protect security of WinRAR users.
We are thankful to Check Point Software Technologies for reporting this issue."
If you use WinRAR, you can update it now to WinRAR v5.70 beta 1 (64-bit here) from AfterDawn, or from the developer's homepage.
More Info: Check Point Research
Written by: James Delahunty @ 22 Feb 2019 13:06