Nasty code-execution bug in WinRAR threatened hundreds of thousands of customers for 14 years

Enlarge / Evert (credit score: iStock / Getty Photographs) WinRAR, a Home windows file compression program with 500 million customers worldwide, lately fastened a 14-year-old vulnerability that made it doable for attackers to execute malicious code when targets opened a booby-trapped file. The vulnerability was the results of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been up to date since 2005. The traversal made it doable for archive recordsdata to extract to a folder of the archive creator’s selecting, relatively than the folder chosen by the individual utilizing this system. As a result of the third-party library doesn’t make use of exploit mitigations equivalent to handle house structure randomization, there was little stopping exploits. Researchers from Test Level Software program, the safety agency that found the vulnerability, initially had hassle determining the way to exploit the vulnerability in a method that executed code of their selecting. The obvious path—to have an executable file extracted to the Home windows startup folder the place it could run on the following reboot—required WinRAR to run with greater privileges or integrity ranges than it will get by default. Learn four remaining paragraphs | Feedback