xzsdyx
Posted February 21, 2019

Quote:

Introduction

In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format.

link: https://research.checkpoint.com/extracting-code-execution-from-winrar/

old66
Posted February 22, 2019

WinRar Version 5.70 beta 1 - removed old ACE format support.

21. Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library. Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives. WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users. We are thankful to Check Point Software Technologies for reporting this issue.

Edited February 22, 2019 by old66