
A WinRAR security flaw may put over 500 million users at risk

By Wong Chung Wee - on 21 Feb 2019, 2:52pm

(Image source: Check Point Software Technologies)

Researchers from Check Point Software Technologies have uncovered a security flaw in WinRAR, a popular Windows file archiver utility. The researchers were interested in fuzzing, i.e., sussing out unexpected behaviours of an application by feeding it malformed inputs. Such inputs are usually crafted by taking valid inputs and adding random errors to them.

They fuzzed WinRAR and uncovered a security flaw buried deep within one of WinRAR’s dynamic link library (DLL) files, UNACEV2.dll, the library WinRAR uses to extract ACE archives. This code library has not been updated since 2005.

According to the researchers, they were able to put together a malicious file in the form of a compressed executable. When an unsuspecting WinRAR user extracts the archive, the researchers’ malware is extracted and copied into the Windows startup folder. This portion of the exploit involves guessing the exact location of the Windows startup folder, which depends on the user name; they overcame this by creating “thousands” of compressed files that contained different user names.

Their proof-of-concept video demonstration stopped at the creation of an executable in the Windows startup folder of their host machine. An attacker could use this exploit to drop malicious files that launch the next time the infected machine reboots. To protect yourself from this flaw, upgrade your copy of WinRAR to the latest beta version, WinRAR 5.70 beta 1. Simply avoiding ACE archive files will not help: the researchers were able to rename their malware’s ACE file extension to RAR, so such malware cannot be identified by the file extension alone.
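The two defensive checks the article points at, as an added example that is not from the article or from Check Point: recognising an ACE archive by its content rather than its extension, and refusing any archive entry whose path would land outside the extraction directory (absolute paths, drive letters, or `..` hops such as one into the Windows startup folder). It assumes the ACE main-header marker `**ACE**` at byte offset 7, a detail of the ACE format rather than something stated on the page, and uses constructed sample headers, not real archives.

```python
import os
from typing import Optional

# ACE archives carry the marker "**ACE**" at offset 7 of the main header (format
# detail assumed here), so an archive is recognisable by content after a .rar rename.
ACE_MAGIC = b"**ACE**"
ACE_MAGIC_OFFSET = 7

# Constructed sample headers for the checks below (not real archives).
ACE_SAMPLE = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 8
RAR_SAMPLE = b"Rar!\x1a\x07\x00" + b"\x00" * 15


def looks_like_ace(data: bytes) -> bool:
    """True if the leading bytes carry the ACE main-header marker, whatever the file name."""
    return data[ACE_MAGIC_OFFSET:ACE_MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC


def is_disguised_ace(filename: str, data: bytes) -> bool:
    """True when the bytes are ACE but the name does not say so (e.g. renamed to .rar)."""
    return looks_like_ace(data) and not filename.lower().endswith(".ace")


def safe_extract_path(dest_dir: str, entry_name: str) -> Optional[str]:
    """Resolve an archive entry to an output path inside dest_dir.

    Returns None for entries that would land elsewhere: absolute paths, paths with a
    drive letter, or '..' traversal such as a hop into the Windows startup folder.
    """
    name = entry_name.replace("\\", "/")          # entries may use either separator
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return None                                # absolute or drive-qualified path
    root = os.path.abspath(dest_dir)
    candidate = os.path.normpath(os.path.join(root, *name.split("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None                                # '..' escaped the destination
    return candidate


if __name__ == "__main__":
    print("invoice.rar is ACE in disguise:", is_disguised_ace("invoice.rar", ACE_SAMPLE))
    for entry in ("docs/readme.txt", "../../Users/me/Startup/x.exe", "C:\\Users\\me\\x.exe"):
        print(entry, "->", safe_extract_path("/tmp/extract", entry))
```

A real extractor would run `safe_extract_path` on every entry before writing, and a mail or proxy filter would apply `is_disguised_ace` to attachments regardless of their declared extension.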

(Source: Check Point Software Technologies via MalwareTips)