
ACE format: Critical hole in WinRAR only discovered after 14 years


A vulnerability in the WinRAR archiver that is at least 14 years old allows attackers to take over another person's computer with an ACE-format archive by silently installing malicious software. It is sufficient for the archive to be extracted on the targeted computer.

The vulnerability originates in the dynamic link library UNACEV2.DLL from 2005, which has no protection mechanisms and is used by WinRAR. The flaw lets attackers extract an executable program from an ACE-format archive to a location from which it is launched when the Windows PC starts up, so that the malicious software runs when the user restarts the computer. In theory, any type of file can be placed and executed this way, so any kind of attack based on this method is possible. Check Point Software Technologies, which discovered the flaw, demonstrates the attack in a video.

Because it still exists in the current final release, the vulnerability, found only after 14 years, potentially exposes more than 500 million users of the software to risk. Zero-day bounty programs offer up to $100,000 for such serious security vulnerabilities in programs such as WinRAR, 7-Zip, WinZip or tar.

No ACE format anymore in WinRAR

Because the WinRAR developers have no access to the source code of UNACEV2.DLL, they have decided to close the vulnerability by dropping support for the ACE format in the future, so that the DLL is no longer part of the software.

Gap closed so far only in the beta version

In version 5.61 of WinRAR, currently the official release, the vulnerability is not yet closed. If you want to be safe now, you have to switch to the not yet final version 5.70 Beta 1, which can also be downloaded from the download area of ComputerBase.

