Experts at security company Check Point discovered a vulnerability in the WinRAR compressed file extraction program that had remained unknown for 19 years.
The fix adopted by WinRAR requires all users of the software to install the latest version and also brings a loss of functionality: from version 5.70 Beta 1, WinRAR no longer supports “ACE” format files.
WinRAR is the program that gave rise to the “RAR” format of compressed files. Very similar to the “ZIP” format, it gained popularity on the internet by offering higher compression, which reduces the download time of certain types of files. WinRAR itself claims to have 500 million users.
Despite its name, WinRAR supports many other types of compressed files, including the “ACE” format, which is produced by the competing (and now abandoned) WinACE software.
To exploit the flaw, a hacker must convince the victim to extract an archive. The vulnerability lets the hacker define where WinRAR will place the extracted files, overriding the choice of folder made by the user.
In practice, a hacker can create a file that, when unzipped, places files in special Windows startup folders. When the computer restarts, Windows will load the programs present in that folder (a virus, for example), and in this way the computer will be under the control of the hacker simply because the victim unzipped the file.
WinRAR support for ACE files does not depend on the file extension. Even if a file ends in “.rar”, it will be opened as ACE by WinRAR if its content is in that format. Avoiding files ending in “.ace” is therefore not enough to protect yourself from the flaw: you need to install version 5.70 Beta 1 or newer.
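Because the extension says nothing about the real format, a triage check has to look at file content. The following is an added example, not code from Check Point or WinRAR: it flags files whose leading bytes carry the ACE header marker, assuming the marker `**ACE**` at byte offset 7 (the value used by common file-type databases); the function names and sample files are hypothetical.

```python
import os
import tempfile

# Signatures matched against content; these values are assumptions of this
# example and do not come from the article.
ACE_MAGIC = b"**ACE**"        # marker inside the ACE archive header
ACE_MAGIC_OFFSET = 7          # byte offset of the marker
RAR_MAGIC = b"Rar!\x1a\x07"   # common prefix of RAR 4.x and 5.x signatures
ZIP_MAGIC = b"PK\x03\x04"

def sniff_format(path):
    """Return 'ace', 'rar', 'zip' or 'unknown' from the leading bytes only."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    if head[ACE_MAGIC_OFFSET:ACE_MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        return "ace"
    if head.startswith(RAR_MAGIC):
        return "rar"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"

def find_ace_archives(root):
    """Walk root; return (path, disguised) for each file with ACE content.
    disguised is True when the file name does not end in .ace."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                fmt = sniff_format(path)
            except OSError:
                continue  # unreadable file: skip it
            if fmt == "ace":
                hits.append((path, not name.lower().endswith(".ace")))
    return hits

def build_samples(root):
    """Constructed sample files: header bytes only, not valid archives."""
    ace_head = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 16
    samples = {"invoice.rar": ace_head, "old.ace": ace_head,
               "photos.rar": RAR_MAGIC + b"\x00" * 16, "notes.txt": b"hello"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, disguised in find_ace_archives(tmp):
            note = "(extension mismatch)" if disguised else ""
            print("ACE content:", os.path.basename(path), note)
```

The check only inspects the fixed offset, so an ACE header placed deeper in a file (for example behind other leading data) is outside what this example covers.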
After being notified of the flaw by Check Point, the WinRAR developers decided to completely eliminate support for the ACE format. The ability of the software to read ACE files depends on third-party code that has not received updates since 2005. For this reason, correcting the flaw became impractical.