Sun. Feb 23rd, 2020

Check Point publishes the WinRAR code execution vulnerability details


WinRAR is a powerful tool for processing RAR and ZIP files. It provides full RAR and ZIP support and can decompress CAB, GZIP and other archive formats. Recently, it came to light that WinRAR has been affected by a variety of serious security vulnerabilities over the past 19 years. According to details disclosed by researchers at the security company Check Point, the serious vulnerabilities were discovered in WinRAR's UNACEV2.dll, which has not been actively updated since 2005. The flaw allows a skilled attacker to execute arbitrary malicious code once a crafted file is opened.

WinRAR Code Execution vulnerability

In a nutshell, the vulnerability lets an attacker bypass privilege escalation when WinRAR runs and place malicious files directly into the Windows startup folder. This means that the next time the user reboots, these malicious files run automatically, allowing the attacker to fully control the victim's computer. Security experts say more than 500 million users worldwide are affected by this WinRAR vulnerability.

Check Point said that WinRAR no longer supports the ACE archive format (the format of the attack file for this vulnerability) and also deleted the UNACEV2.dll file last month. WinRAR has released the latest beta version, 5.70 Beta 1, which fixes this issue.

However, it is worth noting that if you visit WinRAR's official website now, the download link still offers version 5.61, which does not currently fix this vulnerability. So if you use this compression software often, it is recommended to download the Beta version.
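Since the fix described above consists of dropping ACE support and deleting UNACEV2.dll, one way to audit a machine or a mail quarantine is to look for leftover copies of that DLL and for ACE-format files identified by content, not by extension. This is an added example, not code from Check Point or WinRAR; it assumes the ACE signature `**ACE**` at byte offset 7 of the file (a detail of the format, not stated on this page), the function names are hypothetical, and the sample files are constructed.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"  # ACE archive signature (assumption: at offset 7)
ACE_OFFSET = 7          # after CRC(2) + size(2) + type(1) + flags(2) header fields
DLL_NAME = "unacev2.dll"

def is_ace_archive(path):
    """True if the file starts with an ACE header, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(ACE_OFFSET + len(ACE_MAGIC))
    except OSError:
        return False  # unreadable: treat as not ACE
    return head[ACE_OFFSET:] == ACE_MAGIC

def audit(root):
    """Return (UNACEV2.dll copies, ACE-format files) found under root."""
    dlls, aces = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == DLL_NAME:
                dlls.append(full)
            elif is_ace_archive(full):
                aces.append(full)
    return sorted(dlls), sorted(aces)

def demo():
    """Run the audit on a constructed tree; return paths relative to it."""
    samples = {  # constructed sample files, not real archives or binaries
        "WinRAR/UNACEV2.DLL": b"MZ-placeholder",
        "inbox/invoice.rar": b"\x00" * 7 + ACE_MAGIC + b"\x00" * 16,  # ACE header, .rar name
        "inbox/backup.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,       # RAR signature
        "inbox/short.ace": b"**A",                                    # too short to be ACE
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        dlls, aces = audit(root)
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        return [rel(p) for p in dlls], [rel(p) for p in aces]

if __name__ == "__main__":
    found_dlls, found_aces = demo()
    print("UNACEV2.dll copies:", found_dlls)
    print("ACE-format files:", found_aces)
```

The signature check only covers plain ACE archives whose header sits at the start of the file; other archivers that bundle their own copy of UNACEV2.dll are caught by the file-name match when `audit()` is pointed at their install directories.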