Bing

A bug present in WinRAR for more than 15 years has put our computers at risk without our knowing it

2024
A bug present in WinRAR for more than 15 years has put our computers at risk without our knowing it

Table of contents:

Anonim
"

Surely you have used WinRAR on more than one occasion. One of those programs that abound in our recent history that for many would enter the category of king of the hard drive. It&39;s been with us since the first versions of Windows and that&39;s saying a lot."

A program to compress and decompress files both packaged with .rar extensions and with others as popular as .zip type. A lightweight program, widely expanded (it has more than 500 million users) and which we now know was perhaps not as safe as we thought.

Present for years

And it is that Check Point Software has discovered the existence of a security breach in WinRAR through which an attacker could access the PCin which the program is installed. This allows you to control it and therefore be able to run all kinds of applications.

So far we could think that it is a _bug_ present in the latest versions of WinRAR and that it is just a matter of waiting for the patch to fix it Big mistake, because the surprise comes when we find out that it is an error that has been present for more than 15 years.

WinRAR has suffered for more than 15 years from a security flaw now discovered that it could have placed a user in a risky situation large number of computers.

This is a bug discovered by researchers at the cybersecurity company Check Point Software.The bug in question is found in a .DLL file called UNACEV2.DLL It is a library used by WinRAR that allows the program to work with .ace compressed files. And be careful, because since 2005 it has not received any update, which suggests that the ruling could have been active for almost 20 years.

Explained in an accessible way, what the failure allows is that the file can be decompressed in a pre-established location, regardless of what we indicate at the time of decompressing it. This allows the cyber attacker to access folders that are not protected and in that case spread the malware to any folder on the system, including startup folders, which would to spring into action just by turning on the equipment.

The solution they offer is not easy and it is not because the UNACEV2.DLL file is not the work of the creators of WinRAR. Being an addition, the only solution has gone through eliminate support for .ace files from the program.

The latest version of WinRAR will lose that option but if we think about it coldly, it's well worth not being able to open a fairly residual file type, it must be said, rather than putting security at risk of our teams. Remember that WinRAR has more than 500 million users to imagine the magnitude of the problem.

Via | The Register Source | Checkpoint

Bing

Editor's choice

Is HTC losing interest in Windows Phone?

Is HTC losing interest in Windows Phone?

2024
Samsung Ativ Q

Samsung Ativ Q

2024
Images of what could be the new Nokia Lumia EOS

Images of what could be the new Nokia Lumia EOS

2024
Build 2013 devices: waiting for manufacturers

Build 2013 devices: waiting for manufacturers

2024
Back to top button