WinRAR Fixes 14-Year-Old Bug

WinRAR, a file compression app on Windows, recently patched a bug that was there for fourteen years (via ArsTechnica).

[iFixit: We Are All Geniuses, Advocates Right to Repair]

WinRAR’s Vulnerability

The bug made it possible for hackers to execute malicious code on your computer if you opened a booby-trapped file. It involved a flaw found in UNACEV2.DLL, a code library that hasn’t been updated since 2005.

winrar logo

The code-execution vulnerability in WinRAR has existed the entire 14 years since the UNACEV2 library was created, and possibly earlier, Check Point researchers said in a blog post. In the same post, they compared their proof-of-concept exploit to zero-day attacks exploit broker Zerodium said it would buy for as much as $100,000.

Basically, because of the flaw archive files could be extracted to a location that the attacker chose, instead of the user’s choice or default location.

[That Anti-LGBT Emoji is Just a Glitch]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.