A vulnerability has been discovered in the WinRAR software, affecting
hundreds of millions of users worldwide.
Cybersecurity researchers at Check Point have disclosed
technical details of a critical vulnerability in WinRAR—a popular
Windows file compression application with 500 million users
worldwide—that affects all versions of the software released in
the last 19 years.
The flaw resides in the way UNACEV2.DLL, an old third-party library
used by the software, handles the extraction of files compressed in
the ACE archive format.
Because WinRAR detects the format from the content of the file and
not from its extension, attackers can simply change the .ace
extension to .rar to make the archive look normal. According to the
researchers, they found an “Absolute Path Traversal” bug in the
library that could be leveraged to execute arbitrary code on a
targeted system that uncompresses a maliciously crafted archive
using a vulnerable version of the software.
The path traversal flaw allows attackers to extract compressed
files to a folder of their choice rather than the folder chosen by
the user, leaving an opportunity to drop malicious code into the
Windows Startup folder, where it would automatically run on the next
reboot.
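A defensive triage sketch for the two behaviours described above (content-based format detection and extraction outside the chosen folder), added here as an example and not taken from WinRAR, Check Point or the original article. The ACE signature at byte offset 7 and the RAR signature prefix come from the published file formats, not from this page; the function names, file names and paths are hypothetical, and entry names are assumed to be supplied by whatever tool lists the archive.

```python
import ntpath  # Windows path semantics, usable on any OS

ACE_MAGIC = b"**ACE**"        # ACE signature, found at byte offset 7 of the header
RAR_MAGIC = b"Rar!\x1a\x07"   # common prefix of the RAR 4.x and 5.x signatures

def sniff_format(head: bytes) -> str:
    """Classify an archive by its leading bytes, ignoring the file name."""
    if head[7:14] == ACE_MAGIC:
        return "ace"
    if head.startswith(RAR_MAGIC):
        return "rar"
    return "unknown"

def is_disguised_ace(filename: str, head: bytes) -> bool:
    """True when the content is ACE but the extension claims something else."""
    ext = ntpath.splitext(filename)[1].lower()
    return sniff_format(head) == "ace" and ext != ".ace"

def escapes_destination(dest: str, entry_name: str) -> bool:
    """True when a Windows entry name would be written outside dest."""
    entry = entry_name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(entry)
    if drive or entry.startswith("\\"):
        return True  # absolute, drive-relative or UNC path: never allowed
    root = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, entry)))
    return not (target == root or target.startswith(root.rstrip("\\") + "\\"))

if __name__ == "__main__":
    # Constructed sample: 7 header bytes, the ACE signature, then padding.
    sample_head = bytes(7) + ACE_MAGIC + bytes(8)
    print("invoice.rar disguised ACE:", is_disguised_ace("invoice.rar", sample_head))

    dest = "C:\\Users\\alice\\Downloads\\out"  # hypothetical extraction folder
    for name in ("docs\\report.txt", "..\\..\\x.exe", "C:\\Temp\\x.exe"):
        print(name, "-> escapes:", escapes_destination(dest, name))
```

The signature check only looks at the start of the file, so it does not cover self-extracting archives where the ACE header follows an executable stub.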
As shown in the video demonstration shared by researchers, to
take full control over the targeted computers, all an attacker
needs to do is convince users to open a maliciously crafted
archive file using WinRAR.
Since the WinRAR team had lost the source code of the UNACEV2.DLL
library in 2005, it decided to drop UNACEV2.DLL from its package
to fix the issue and released WinRAR version 5.70 beta 1, which
doesn’t support the ACE format.
Windows users are advised to install the latest version of
WinRAR as soon as possible and avoid opening files received from
unknown sources.
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/KS4_W_MywjY/winrar-malware-exploit.html