For nearly 20 years, a severe flaw has been hidden in the popular compression tool, WinRAR.
Read this post to learn about the 19-year-old WinRAR bug.
Besides, another reason is that its trial version never expires.
However, recently researchers at Check Point Research have found a severe security bug in WinRAR.
Once the flaw is exploited by hackers, they can insert malicious programs into a PC's startup folder.
Reportedly, the security bug has been hidden in WinRAR for 19 years.
After further analysis, they have found a logical bug named Absolute Path Traversal.
This makes it easy for attackers to use this vulnerability to execute code remotely.
Using a fuzzer, four security flaws were found, including CVE-2018-20250, CVE-2018-20251, CVE-2018-20252, and CVE-2018-20253.
Researchers have found that WinRAR uses a .dll file named unacev2.dll to parse ACE archives.
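The absolute path traversal described above comes down to an extractor trusting the file name stored in the archive. The following is an added example, not code from WinRAR or from Check Point Research: a check an extraction or archive-scanning tool could run on entry names before writing anything, using Windows path rules. The function names, the `C:\Extract` root and the sample listing are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS

STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"  # Windows Startup folder

def entry_problem(name):
    """Return why an archive entry name is unsafe to extract, or None if it is relative."""
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    if drive:
        return "absolute path (drive letter or UNC prefix)"
    if rest.startswith("\\"):
        return "absolute path (rooted at current drive)"
    if ".." in rest.split("\\"):
        return "parent-directory traversal"
    return None

def resolve_inside(dest_root, name):
    """Map an entry name to a path under dest_root, or raise ValueError."""
    problem = entry_problem(name)
    if problem:
        raise ValueError(f"refusing {name!r}: {problem}")
    root = ntpath.normpath(dest_root)
    target = ntpath.normpath(ntpath.join(root, name.replace("/", "\\")))
    # Second check: the final path must still sit under the extraction root.
    if ntpath.commonpath([root, target]).lower() != root.lower():
        raise ValueError(f"refusing {name!r}: escapes {root}")
    return target

def audit(names):
    """Return (name, problem, hits_startup) for every unsafe entry in a listing."""
    findings = []
    for name in names:
        problem = entry_problem(name)
        if problem:
            hits = STARTUP_FRAGMENT in name.replace("/", "\\").lower()
            findings.append((name, problem, hits))
    return findings

# Constructed sample listing, not taken from any real archive.
SAMPLE = [
    "docs/readme.txt",
    "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\x.exe",
    "..\\..\\outside.txt",
    "\\\\host\\share\\file.dll",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(resolve_inside("C:\\Extract", SAMPLE[0]))
```

An entry flagged with `hits_startup` set is worth alerting on, since a file written to the Startup folder runs at the next logon.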
In response to Check Point Research, WinRAR has fixed this flaw with a fresh software update.
The bug has been patched in the latest version 5.70 beta 1.
Besides, this company has also released the second beta of version 5.70 on Thursday.
Due to this, WinRAR decided to drop support for the ACE archive format completely.