Description
Last week Check Point Research published information about a (19 year old!) vulnerability in WinRAR, a popular file compression tool. WinRAR can de/compress files with a variety of compression algorithms. The vulnerability is possible because of a specific implementation of the ACE algorithm. ACE is an uncommon and older type of compression. The vulnerability, during decompression, allows the archive to surreptitiously designate the target path for the inflated files. Combine that ability with compressed archive’s ability to sneak past anti-virus programs, and you have a serious threat.
Mitigation
To mitigate the vulnerability the authors of WinRAR have removed support for ACE effective in version 5.70 beta 1 and later. Check Point updated their Sandblast Agent to catch this vulnerability.
CVE
Keywords: anti-virus, rar, malware, winrar
