Last week Check Point Research published information about a (19 year old!) vulnerability in WinRAR, a popular file compression tool. WinRAR can de/compress files with a variety of compression algorithms. The vulnerability is possible because of a specific implementation of the ACE algorithm. ACE is an uncommon and older type of compression. The vulnerability, during decompression, allows the archive to surreptitiously designate the target path for the inflated files. Combine that ability with compressed archive’s ability to sneak past anti-virus programs, and you have a serious threat.


To mitigate the vulnerability the authors of WinRAR have removed support for ACE effective in version 5.70 beta 1 and later. Check Point updated their Sandblast Agent to catch this vulnerability.



Keywords: anti-virus, rar, malware, winrar

Troy Frericks.
blog 2-Mar-2019
Copyright 2015-2019 by Troy Frericks,

Written by Troy Frericks

Leave a Comment

Your email address will not be published. Required fields are marked *