WinRAR has a critical security bug: here is the fix
October 20, 2019
WinRAR is a very popular program for creating and extracting archives on Windows and other supported operating systems. Part of its popularity stems from its support for different kinds of packaging formats the program’s trial version expires.
A bug was discovered recently that affects all versions of WinRAR before 5.70. The bug, a remote code execution vulnerability, affects all of those WinRAR versions and thus the 500 million users that use the program.
Security researchers discovered a flaw in a library which WinRAR uses to extract files from archives.
Attackers could exploit the vulnerability with crafted archives. The bug could be abused to extract the files to any folder on the machine instead of the folder selected by the user or the default folder for extracted files.
Attackers could choose to extract files into Windows’ startup folder so that programs are executed on the next start of the machine.
The researchers published a video which demonstrates the exploit.
WinRAR uses the content of the file to determine the archive format that was used to compress the files; this means that it is not sufficient to avoid ACE files for the time being. Attackers could rename ACE files to RAR or ZIP, and WinRAR would handle them just fine.
The library that’s responsible for the behaviour is UNACEV2.DLL. The maker of WinRAR removed the file in the latest beta version of WinRAR 5.70. Users may upgrade to the beta version to secure their devices.
Policies may prevent the installation of applications, and some home users may prefer not to install beta applications either.
These users and administrators can delete the vulnerable file, UNACEV2.DLL, from the WinRAR directory to protect the system from the issue. This is how that is done:
- To delete: select the file UNACEV2.DLL and delete it, either with a right-click and the selection of Delete from the context menu, or by pressing the Del key on your keyboard.
- To rename: Click the file and select Rename.
Note: This removes the option to extract ACE files with WinRAR.
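Because WinRAR identifies ACE archives by content rather than by extension, a file check on a mail gateway or download folder has to do the same to catch ACE files renamed to RAR or ZIP. The following is an added example, not code from the article or from WinRAR: it looks for the ACE header signature `**ACE**` at byte offset 7, and the 512 KiB scan window for embedded signatures, the function names and the sample files are assumptions made for illustration.

```python
# Added example (not from the article): flag ACE archives by content, not extension.
import os
import tempfile

ACE_MAGIC = b"**ACE**"      # signature field of the ACE main header
ACE_MAGIC_OFFSET = 7        # follows CRC(2) + size(2) + type(1) + flags(2)
SCAN_LIMIT = 512 * 1024     # assumption: also search the first 512 KiB (e.g. SFX stubs)


def looks_like_ace(path):
    """Return 'header' if the magic sits at the standard offset, 'embedded'
    if it only appears later in the scanned prefix (lower confidence), else None."""
    with open(path, "rb") as fh:
        prefix = fh.read(SCAN_LIMIT)
    end = ACE_MAGIC_OFFSET + len(ACE_MAGIC)
    if prefix[ACE_MAGIC_OFFSET:end] == ACE_MAGIC:
        return "header"
    if ACE_MAGIC in prefix:
        return "embedded"
    return None


def scan_tree(root):
    """Walk root and return {relative_path: verdict} for every ACE-like file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = looks_like_ace(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if verdict:
                hits[os.path.relpath(full, root)] = verdict
    return hits


def demo():
    """Constructed samples: a fake ACE header named .rar, and a file with ZIP magic."""
    with tempfile.TemporaryDirectory() as root:
        fake_ace = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 32  # constructed, not a valid archive
        with open(os.path.join(root, "invoice.rar"), "wb") as fh:
            fh.write(fake_ace)
        with open(os.path.join(root, "photos.zip"), "wb") as fh:
            fh.write(b"PK\x03\x04" + b"\x00" * 32)
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

An "embedded" verdict is only a hint that needs manual review, since any file that happens to contain the signature string will match.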
I could not find info on the ACE format’s prevalence. I remember that it was quite hot (and controversial) more than a decade ago.
The article WinRAR has a significant security bug: This is the repair appeared first on gHacks Technology News.