Researchers have discovered a critical 19-year-old vulnerability in WinRAR, a popular Windows file-archiving application used for compressing and decompressing large files. The vulnerability, which has now been fixed, allowed hackers to target a device when its user simply extracted an archive, putting more than 500 million users at risk.
Researchers at Check Point Software Technologies, who discovered the vulnerability, explained that WinRAR was using a dated dynamic link library (DLL) that was last updated in 2006. The DLL did not have modern protection mechanisms such as ASLR and DEP, which provide system-level security against hackers.
“A few months ago, our team built a multi-processor fuzzing lab and started to fuzz binaries for Windows environments using the WinAFL fuzzer. After the good results we got from our Adobe Research, we decided to expand our fuzzing efforts and started to fuzz WinRAR too,” wrote Nadav Grossman in a blog post.
Researchers discovered a critical issue in the handling of the ACE archive format, which had no protection mechanism at all, so hackers did not even need to bypass one.
“We turned our focus and fuzzer to this “low hanging fruit” dll, and looked for a memory corruption bug that would hopefully lead to Remote Code Execution. However, the fuzzer produced a test case with “weird” behavior. After researching this behavior, we found a logical bug: Absolute Path Traversal. From this point on it was simple to leverage this vulnerability to a remote code execution,” he added.
WinRAR said its new update drops support for the offending ACE format altogether.
“WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users. We are thankful to Check Point Software Technologies for reporting this issue,” the company said in a blog post.


Source: hindustantimes.com