Over 500 million WinRAR users could have been exposed; update your software as soon as possible
A critical vulnerability in WinRAR, the most popular Windows file compression tool, was recently corrected. According to specialists in network security and ethical hacking from the International Institute of Cyber Security, the flaw would have allowed malicious users to hijack the victim’s system; the only thing needed to complete the attack was to deceive the user into opening a malicious file.
Although the vulnerability was discovered in the course of last month, the researchers say it affects all versions of WinRAR that have been released during the last 19 years.
WinRAR is used by over 500 million people around the world, and yes, all users could be affected, said network security specialists. Although not everything is bad news, as WinRAR released an update patch to correct this vulnerability at the end of January.
A leaked technical report mentions that the vulnerability resides in the UNACEV2.DLL library, which unpacks the ACE format files and is included in all versions of this tool. According to network security specialists, there is a way to create special ACE files that, after being unzipped, use encoding errors in the UNACEV2.DLL library to inject malicious files out of the user-selected decompression path.
The researchers managed to leave a malware in the Startup folder of a Windows computer, which would start after the next system restart, to finally take control of the infected computer. The WinRAR team launched WinRAR 5.70 Beta in January 2019 to correct this vulnerability, tracked as CVE-2018-20250.
The developers of WinRAR would have lost access to the source code of the library about 15 years ago, so they decided to stop supporting files in ACE format definitively. A large number of malicious hackers are expected to try to exploit some variant of this vulnerability in the near future.
As a precaution, users must remain alert and not open any file in ACE format, unless they have the updated version of WinRAR.
Organizations that reward hackers reporting exploits have shown a special interest in vulnerabilities that affect tools like WinRAR. Zerodium, for example, offers up to $100k USD for remote execution vulnerabilities in WinRAR, 7-Zip, WinZip and tar, for Linux systems.
The interest shown in this kind of exploits is mainly because these kinds of applications are used within both domestic and business networks, so they are a considerable attack vector.