Support for an outdated format was to blame
WinRAR has patched a 19-year-old security vulnerability that allowed attackers to extract malicious software to anywhere on your hard drive. The vulnerability was discovered by researchers at Check Point Software Technologies, who realised that WinRAR’s support for the effectively defunct ACE archive format meant that it was still relying on an insecure and dated DLL file from 2006.
The researchers have compiled a lengthy blog post explaining how they discovered the bug, but a short video tells you everything you need to know about how it works. Simply by renaming an ACE file to give it a RAR extension you can get WinRAR to extract a malicious program to a computer’s startup folder, meaning it will run automatically the next time the computer boots up.
After the security researchers informed WinRAR of their findings, the team patched the vulnerability with version 5.70 beta 1 of the software. Rather than attempt to fix the issue, the team opted to drop support for ACE archives entirely, which was probably the sensible option considering the only program capable of creating the archives, WinACE, hasn’t been updated since 2007.
It’s unclear if any attacks have used this exploit in the 19 years it’s existed, but with 500 million WinRAR users worldwide they had plenty of opportunities to do so. If you’re one of these users then it’s pretty critical that you update it at the earliest opportunity to ensure that you don’t fall prey to this exploit.