WinRAR, a file archival utility for Windows that lets users create and view archives in the RAR or ZIP file formats, developed by Eugene Roshal of win.rar GmbH, has a bug that has gone undetected since 2005.
According to security research firm Check Point, the WinRAR bug prompts users to buy the software, though there is an option to click “next time” and continue extracting files, and it leaves over 500 million Windows users at risk.
The researchers found several crashes in the extraction of archive file formats, including RAR, LZH and ACE, that resulted from memory corruption vulnerabilities such as an out-of-bounds write. Exploiting these vulnerabilities isn't trivial, because the primitives offered only limited control over the overwritten buffer.
WinRAR uses a DLL (dynamic link library) named unacev2.dll to parse ACE archives, and this DLL turned out to be a dated build, compiled in 2006 without any protection mechanism.
The WinRAR bug allows attackers to extract executable files into a Windows PC’s startup folder, which makes them run automatically on every boot. The vulnerability is further exacerbated by the fact that a malicious ACE archive can be renamed to look like a RAR archive and the exploit still works.
The developers of the popular file archival tool WinRAR have already issued a patch for this vulnerability. However, users will need to update the software to version 5.70 beta 1, released last month, to protect their devices from this major flaw.