WinRAR, a file compression app for Windows, recently patched a bug that had been there for fourteen years (via ArsTechnica).
The bug made it possible for hackers to execute malicious code on your computer if you opened a booby-trapped file. It involved a flaw found in UNACEV2.DLL, a code library that hasn’t been updated since 2005.
The code-execution vulnerability in WinRAR has existed the entire 14 years since the UNACEV2 library was created, and possibly earlier, Check Point researchers said in a blog post. In the same post, they compared their proof-of-concept exploit to zero-day attacks that exploit broker Zerodium said it would buy for as much as $100,000.
Basically, because of the flaw, files in an archive could be extracted to a location that the attacker chose, instead of the location the user chose or the default location.
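The check an extractor needs so that every entry stays under the folder the user picked, shown as an added example that is not from the original article or from WinRAR's code. The function names, destination folder and entry names are constructed for illustration, and Python's `ntpath` module is used so Windows path rules apply on any OS.

```python
import ntpath

def rejection_reason(member):
    """Return why an archive entry name is unsafe on Windows, or None."""
    name = member.replace("/", "\\")  # Windows accepts both separators
    if ":" in name:
        return "drive letter or stream specifier"
    if name.startswith("\\"):
        return "rooted or UNC path"
    if ".." in name.split("\\"):
        return "parent-directory component"
    return None

def resolve_member(dest, member):
    """Return the extraction path for member, guaranteed to lie under dest."""
    reason = rejection_reason(member)
    if reason:
        raise ValueError(f"refusing {member!r}: {reason}")
    base = ntpath.normpath(dest)
    target = ntpath.normpath(ntpath.join(base, member))
    # Defence in depth: re-check containment on the final normalised path.
    common = ntpath.commonpath([base, target])
    if ntpath.normcase(common) != ntpath.normcase(base):
        raise ValueError(f"refusing {member!r}: escapes {dest!r}")
    return target

def audit(dest, members):
    """Map each entry name to ("extract", path) or ("refuse", reason)."""
    report = {}
    for m in members:
        try:
            report[m] = ("extract", resolve_member(dest, m))
        except ValueError as exc:
            report[m] = ("refuse", str(exc))
    return report

# Constructed sample data (hypothetical destination and entry names).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE = ["docs/readme.txt", "notes..txt", r"..\..\outside.txt",
          r"C:\elsewhere\file.bin", r"\\server\share\file.bin"]

if __name__ == "__main__":
    for name, (action, detail) in audit(DEST, SAMPLE).items():
        print(f"{action:8} {name!r}: {detail}")
```
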