Description

Last week Check Point Research published information about a (19 year old!) vulnerability in WinRAR, a popular file compression tool. WinRAR can de/compress files with a variety of compression algorithms. The vulnerability is possible because of a specific implementation of the ACE algorithm. ACE is an uncommon and older type of compression. The vulnerability, during decompression, allows the archive to surreptitiously designate the target path for the inflated files. Combine that ability with compressed archive’s ability to sneak past anti-virus programs, and you have a serious threat.

Mitigation

To mitigate the vulnerability the authors of WinRAR have removed support for ACE effective in version 5.70 beta 1 and later. Check Point updated their Sandblast Agent to catch this vulnerability.

CVE

2018-20251

Keywords: anti-virus, rar, malware, winrar

Troy Frericks.
blog 2-Mar-2019
=
Copyright 2015-2019 by Troy Frericks, http://cybersecurityblog1.frericks.us/.
#

Written by Troy Frericks

Leave a Comment

Your email address will not be published. Required fields are marked *