WinRAR versions released in the last 19 years impacted by severe security flaw

silversurfer

WinRAR, one of the world's most popular Windows file compression applications, patched a severe security flaw last month that can be abused to hijack users' systems just by tricking a WinRAR user into opening a malicious archive.

The vulnerability, discovered last year by security researchers from Check Point Software, impacts all WinRAR versions released in the last 19 years.

On its website, the WinRAR team boasts of having a userbase of over 500 million users, all of whom are most likely impacted. The good news for all WinRAR users is that WinRAR devs released an update to fix the issue last month.

According to a Check Point technical write-up that takes a deep dive into WinRAR's inner workings, the vulnerability resides in the UNACEV2.DLL library included with all WinRAR versions.

This library is responsible for unpacking archives in the ACE format. Check Point researchers discovered a way to build malicious ACE archives that, when decompressed, used coding flaws in this library to plant malicious files outside the intended decompression path destination.

WinRAR devs released WinRAR 5.70 Beta 1 on January 28 to address this vulnerability, tracked under the CVE-2018-20250, CVE-2018-20251, CVE-2018-20252, and CVE-2018-20253 identifiers.

Download: WinRAR 5.70 Beta 1 32bit
Download: WinRAR 5.70 Beta 1 64bit
 

dinosaur07

The solution is simple:

1. update to 5.70 beta 1 if your license permits the update or
2. untick the .ace archive from being opened with WinRAR if you can't update.

:)

"Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library. Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users.

We are thankful to Check Point Software Technologies for reporting this issue."

Source
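
The vendor statement above describes files being created outside the destination folder during unpacking. As an added example (not part of the thread and not WinRAR's or UNACEV2.DLL's code), this sketch shows the containment check an extractor can apply to each entry name before writing; the destination path and entry names are constructed samples.

```python
import ntpath  # Windows path semantics, importable on any OS


def safe_target(dest_dir, entry_name):
    """Return the normalized path an archive entry would be written to,
    or None if it would land outside dest_dir (an absolute Windows path)."""
    name = entry_name.replace("/", "\\")
    drive, tail = ntpath.splitdrive(name)
    # An entry must not bring its own root: drive letter (C:\x or C:x),
    # UNC share (\\host\share\x) or a rooted path (\x).
    if drive or tail.startswith("\\"):
        return None
    dest = ntpath.normpath(dest_dir)
    # normpath collapses "." and ".." so the comparison sees the real location.
    target = ntpath.normpath(ntpath.join(dest, tail))
    # Compare whole path components, not string prefixes, so a sibling
    # folder such as "out-old" is not mistaken for "out".
    common = ntpath.normcase(ntpath.commonpath([dest, target]))
    if common != ntpath.normcase(dest) or ntpath.normcase(target) == common:
        return None
    return target


def rejected_entries(dest_dir, entry_names):
    """List the entry names an extractor should refuse to write."""
    return [n for n in entry_names if safe_target(dest_dir, n) is None]


# Constructed sample: names as they might appear in an archive listing.
SAMPLE_DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_NAMES = [
    r"docs\readme.txt",                 # stays inside
    r"docs/../notes.txt",               # ".." that still stays inside
    r"..\..\planted.txt",               # climbs out of the destination
    r"docs\..\..\planted.txt",          # climbs out after descending
    r"..\out-old\planted.txt",          # sibling folder sharing a prefix
    r"C:\Temp\planted.txt",             # absolute path with drive letter
    r"C:planted.txt",                   # drive-relative path
    r"\\fileserver\share\planted.txt",  # UNC path
    r"\planted.txt",                    # rooted on the current drive
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{n!r:40} -> {safe_target(SAMPLE_DEST, n)}")
```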
 

codswollip

> 2. untick the .ace archive from being opened with winrar if you can't update.

There's also a file "Ace32Loader.exe" in the WinRAR folder. I'm not entirely certain of its function, but WinRAR seems to work without it (I renamed the extension).

> Then update it?

No lifetime license here so I'm left with what I have. Funny, but the previous time I bought WinRAR a similar threat surfaced. So this one is on me :oops:
 

codswollip

Oddly most of these articles pile on WinRAR when in fact most all ace-capable compressors share this vulnerability. For example...
Bandizip Version History

v6.21 Feb 23, 2019
  • Stopped ACE archive format support due to vulnerability (CVE-2018-20250)
  • Fixed: Crash problem while extracting specific NSIS
  • Fixed: Shell extension does not work for the specific case
  • Some minor bug fixes
 
