New critical WinRAR vulnerability

WinRAR has a critical security vulnerability that’s older than your children. If you’ve been using the internet over the past 19 years, chances are you’ve installed WinRAR at one point or another. WinRAR extracts compressed ‘.rar’ files, similar to Zip files commonly found on Windows installations.

Cyber researchers over at Check Point have discovered a critical flaw that has existed in WinRAR for the past 19 years. The flaw allows a standard user to copy files anywhere on the system.

The following video shows the hack in practice –

Using a fuzzer, the researchers sent unstructured data to WinRAR over a period of time and investigated the crashes. One crash of particular interest involved a third-party library that handled a particular file type: ACE. This file format has long been extinct and the ACE website hasn’t existed since 2017.

Check Point were able to leverage the flaw in this third-party library through WinRAR to gain access to the full filesystem. The full description is out of scope for this blog post but please read here for more information.

As ACE no longer really exists online, and even the source code of the library is now unavailable, the WinRAR team have decided to drop support for ACE and have released an update.

An estimated 500 million users are affected. We recommend that anyone using WinRAR update straight away. This blog post author recommends using the free and open source 7-Zip for extracting files for almost any extension.
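
While machines are waiting for the update, it can help to know where ACE-format files are sitting on disk. The following sketch identifies them by header signature rather than by file name. It is an added example, not code from the original post or from Check Point; the function names and the constructed sample files are assumptions for illustration.

```python
import os
import struct
import tempfile

ACE_MAGIC = b"**ACE**"  # signature stored in the ACE main header
MAGIC_OFFSET = 7        # after head_crc(2) + head_size(2) + head_type(1) + head_flags(2)


def looks_like_ace(head: bytes) -> bool:
    """Return True if the bytes start with a plausible ACE main header."""
    if len(head) < MAGIC_OFFSET + len(ACE_MAGIC):
        return False
    _crc, head_size, head_type, _flags = struct.unpack_from("<HHBH", head, 0)
    # Main header has type 0 and must be long enough to hold type, flags and magic.
    return (head_type == 0 and head_size >= 10
            and head[MAGIC_OFFSET:MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC)


def scan_tree(root: str):
    """Walk root and return sorted (path, extension) pairs for ACE-format files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
            if looks_like_ace(head):
                hits.append((path, os.path.splitext(name)[1].lower()))
    return sorted(hits)


def demo():
    """Scan a temporary directory holding constructed sample files."""
    ace = struct.pack("<HHBH", 0, 31, 0, 0) + ACE_MAGIC + bytes(24)  # constructed
    rar = b"Rar!\x1a\x07\x00" + bytes(24)                            # constructed
    samples = {"a.ace": ace, "b.bin": ace, "c.rar": rar}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(p), ext) for p, ext in scan_tree(tmp)]


if __name__ == "__main__":
    for name, ext in demo():
        print(f"ACE-format content: {name} (extension {ext})")
```

Self-extracting archives carry the header further into the file and are not covered by this check.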