A vulnerability in the archiver WinRAR that is at least 14 years old allows attackers to take over someone else's computer with an ACE-format archive by silently installing malicious software. It is sufficient for the archive to be extracted on the targeted computer.
The vulnerability originates in the dynamic link library UNACEV2.DLL from 2005, which has no protection mechanisms and is used by WinRAR. The flaw lets attackers craft an ACE-format archive that, when unpacked, extracts an executable program into the Windows autostart, so that this malicious software runs when the user restarts the computer. In theory, any type of file can be placed and executed this way, so any kind of attack that builds on this method is possible. Check Point Software Technologies, which discovered the flaw, demonstrates the attack in a video.
Potentially, the vulnerability, found only after 14 years, puts more than 500 million users of the software at risk, as it still exists in the current final release. Zero-day bounty programs offer up to $100,000 for such serious security vulnerabilities in archivers such as WinRAR, 7-Zip, WinZip or tar.
We're still paying up to $100,000 for #0day exploits (code execution) affecting major file archivers: WinRAR, 7-Zip, WinZip (on Windows) or tar (on Linux). For more information: https://t.co/fKnggJyb0H #BigBounties
– Zerodium (@Zerodium) October 18, 2018
No more ACE format in WinRAR
To close the vulnerability, the WinRAR developers have decided to stop supporting the ACE format in future versions, so that the vulnerable UNACEV2.DLL is no longer part of the software. They took this route because they have no access to the source code of the DLL.
Vulnerability closed so far only in the beta version
In the current official version 5.61 of WinRAR, the vulnerability is not yet closed. Anyone who wants to be safe now has to switch to version 5.70 Beta 1, which is not yet final and can also be downloaded from the ComputerBase download area.