WinRAR Resolves 19-Year-Old Vulnerability
A nasty code-execution bug in WinRAR threatened millions of users for decades.
Check Point Research has uncovered a vulnerability in the file extraction software WinRAR that has left users at risk for the past 19 years. The security flaw allows attackers to extract malicious software files onto users’ PCs and gain access to those systems.
Hackers manipulated WinRAR into extracting a malicious program to a PC’s startup folder by renaming an ACE file with a RAR extension. The malicious program could then run automatically when a computer system rebooted.
After Check Point released the report, WinRAR patched the exploit by releasing a new version of the software that drops support for ACE archives. Industry experts believe over 500 million users could be affected, making global-scale exploitation increasingly likely.
We recommend deploying the latest critical patch released for WinRAR, which resolves a vulnerability that impacts all versions of WinRAR over the past 19 years.
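Because the attack relied on an ACE file carrying a RAR extension, a defender can sweep download or mail-attachment folders for `.rar` files whose content is really ACE. The following is an added example, not code from Check Point or WinRAR; it assumes the ACE marker sits at offset 7 (plain, non-self-extracting archives), and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

RAR_MAGIC = b"Rar!\x1a\x07"   # RAR 4.x and 5.x both start with these six bytes
ACE_MAGIC = b"**ACE**"        # ACE main header carries this marker at offset 7
ACE_OFFSET = 7                # assumption: no self-extractor stub before the header


def classify(path):
    """Return 'rar', 'ace' or 'unknown' from file content, ignoring the name."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_OFFSET + len(ACE_MAGIC))
    if head.startswith(RAR_MAGIC):
        return "rar"
    if head[ACE_OFFSET:ACE_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        return "ace"
    return "unknown"


def find_disguised_ace(root):
    """Walk root and list .rar files whose content is really an ACE archive."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".rar"):
                full = os.path.join(dirpath, name)
                try:
                    if classify(full) == "ace":
                        hits.append(full)
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
    return sorted(hits)


def demo():
    """Build constructed sample files in a temp dir and return flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {  # all three are constructed stand-ins, not real archives
            "real.rar": RAR_MAGIC + b"\x00" * 16,
            "renamed.rar": b"\x00" * ACE_OFFSET + ACE_MAGIC,
            "honest.ace": b"\x00" * ACE_OFFSET + ACE_MAGIC,
        }
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_disguised_ace(tmp)]


if __name__ == "__main__":
    print(demo())
```

A hit only means the extension and content disagree; treat it as a reason to quarantine the file and confirm the WinRAR patch is installed on the host.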