The famous WinRAR decompression software, used by more than 500 million people around the world, suffers from a 14-year-old security hole.
The vulnerability lies in the file UNACEV2.DLL, which has not been updated since 2005.
A flaw old enough to write its own patch
Researchers at Check Point Software revealed this surprising vulnerability, which an attacker could use to hijack users' systems. There is no need to panic, however: the developers of WinRAR have already fixed the problem in the latest update of the program.
Concretely, via the UNACEV2.DLL library, it was possible to craft "malicious" ACE archives whose decompression installs files on the target system outside the decompression folder. According to Check Point Software, it was entirely possible to inject files into the Windows startup folder.
"UNACEV2.DLL has not been updated since 2005 and we do not have access to its source code," said the WinRAR team. "So we decided to remove support for the ACE archive format to protect the security of WinRAR users."
The group naturally urges users not to open ACE archives of unknown provenance, and also to update the WinRAR software. The program is installed on a great many home systems, and in companies too, and it is rarely (if ever) updated.
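The flaw described above comes down to an extractor writing an archive entry outside the folder the user chose. The containment check that prevents this is sketched below as an added example; it is not WinRAR's or Check Point's code, and the destination folder, entry names and function names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample data (assumptions, not taken from a real archive).
DEST = r"C:\Users\alice\Downloads\out"
ENTRIES = [
    r"docs\readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    r"\\fileserver\share\x.exe",
    r"..\out2\x.exe",
]

def check_entry(dest_dir, entry_name):
    """Return (ok, reason) for one archive entry name (hypothetical helper)."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive:
        return False, "names a drive or UNC share"
    if rest.startswith("\\"):
        return False, "rooted path"
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    # Collapse ".." segments before comparing, then require a separator-
    # terminated prefix so a sibling such as "out2" does not pass as "out".
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, name)))
    if not target.startswith(dest.rstrip("\\") + "\\"):
        return False, "escapes the extraction folder"
    return True, "ok"

def audit(dest_dir, entries):
    """Return the entries an extractor should refuse, with the reason."""
    rejected = []
    for entry in entries:
        ok, reason = check_entry(dest_dir, entry)
        if not ok:
            rejected.append((entry, reason))
    return rejected

if __name__ == "__main__":
    for entry, reason in audit(DEST, ENTRIES):
        print(f"REFUSE {entry!r}: {reason}")
```

Only the first constructed entry passes; the two that point at the Startup folder are refused before anything is written.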