WinRAR patched 19-year-old bug2019-02-21 14:24 by Daniela
WinRAR has patched a 19-year-old security vulnerability that allowed attackers to infect your computer with malware via specially crafted ACE archives. It was discovered by researchers at Check Point Software Technologies.
The vulnerability itself lies in unacev2.dll, a library used to parse ACE archives, a little-used compression format that dates back to the 1990s. In practice, the vulnerability would be targeted via WinRAR or other popular archive extraction tools that include and use this wonky .dll.
After the security researchers informed WinRAR of their findings, the team patched the vulnerability with version 5.70 beta 1 of the software. Rather than attempt to fix the issue, the team opted to drop support for ACE archives entirely.
WinRAR is a popular file-archiving utility for Windows, which can create and allow viewing of archives in Roshal Archive Compressed (RAR) or ZIP file formats, and unpack numerous archive file formats. If you are one of the millions still using WinRAR, this would be a good time to update the software.
Read more -here-