A WinRAR exploit that survived for 19 years has been patched


Researchers at Check Point Software Technologies have spotted an exploit that has existed for 19 years! According to the company’s cybersecurity researchers, the bug could have been used to gain full control over a victim’s computer.

WinRAR, the trialware file archiver utility for Windows, has over 500 million users all over the world and is the world’s most popular compression tool. The researchers at Check Point Software Technologies happened upon the WinRAR bug while fuzz testing Windows environments. They discovered that the tool still supported the defunct ACE archive format, which it handled through an insecure old DLL file from the mid-2000s. Renaming an ACE file with a RAR extension would give an attacker the power to manipulate WinRAR: the attacker could then have it extract a malicious program to the computer’s startup folder, where it would run automatically as soon as the computer started.

WinRAR was quick to respond and patched the vulnerability in a new update, and it has now dropped support for ACE archives. Given the popularity of the compression tool, all 500 million users were at risk of being hacked due to this cybersecurity flaw. On its website, WinRAR thanked Check Point for reporting the issue.