WinRAR versions released over the last 19 years are affected by a serious security vulnerability.




WinRAR, one of the world's most popular Windows file compression applications, patched a serious security flaw last month that can be used to hijack users' systems simply by getting a WinRAR user to open a malicious archive.

The vulnerability, discovered last year by security researchers from Check Point Software, affects all versions of WinRAR released in the last 19 years.

On its website, the WinRAR team boasts of having a user base of over 500 million users, all of whom are most likely affected. The good news for all WinRAR users is that the WinRAR developers released an update last month that fixes the problem.

According to a technical article from Check Point that thoroughly describes the internal workings of WinRAR, the vulnerability lies in the UNACEV2.DLL library provided with all versions of WinRAR.

This library is responsible for decompressing archives in ACE format. Check Point researchers discovered a way to create malicious ACE archives that, when decompressed, use coding flaws in this library to create malicious files outside the intended decompression destination path.

For example, Check Point researchers were able to use this vulnerability to plant malware in the Startup folder of a Windows PC, where it would run after the next reboot, infecting and taking over the PC. A demonstration video recorded by the Check Point team is available below.
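The class of flaw described above, files written outside the intended destination, is what an extractor has to rule out before it writes anything. As an added example (not code from WinRAR, UNACEV2.DLL or Check Point), this Python check applies Windows path rules to archive entry names; the function names, destination folder and sample entry names are constructed for illustration.

```python
import ntpath  # Windows path semantics; pure Python, so it also runs on Linux/macOS

def resolve_inside(dest_root, entry_name):
    """Return the absolute path an entry would be written to, or raise
    ValueError if that path is not inside dest_root."""
    name = entry_name.replace("/", "\\")
    drive, tail = ntpath.splitdrive(name)
    # Reject C:\x, C:x (drive-relative), \\server\share\x and \x (root-relative).
    if drive or tail.startswith("\\"):
        raise ValueError("absolute or drive-qualified entry name")
    root = ntpath.normpath(dest_root)
    target = ntpath.normpath(ntpath.join(root, name))  # collapses ".." segments
    # Compare whole path components, case-insensitively. A plain string prefix
    # test would wrongly accept a sibling such as "...\out2" for root "...\out".
    common = ntpath.commonpath([root, target])
    if ntpath.normcase(common) != ntpath.normcase(root):
        raise ValueError("entry escapes the destination directory")
    return target

def audit(dest_root, entry_names):
    """Split entry names into (accepted target paths, rejected (name, reason))."""
    accepted, rejected = [], []
    for name in entry_names:
        try:
            accepted.append(resolve_inside(dest_root, name))
        except ValueError as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected

# Constructed sample data (not taken from any real archive).
ROOT = r"C:\Users\alice\Downloads\out"
SAMPLE = [
    r"docs\readme.txt",
    "img/logo.png",
    r"..\out2\notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    r"C:\Windows\Temp\x.exe",
    r"\\fileserver\share\x.exe",
]

if __name__ == "__main__":
    ok, bad = audit(ROOT, SAMPLE)
    for path in ok:
        print("write :", path)
    for name, reason in bad:
        print("reject:", name, "->", reason)
```

The check is lexical only: it does not resolve symlinks or junctions that already exist under the destination folder, so an extractor should also refuse to write through them.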

The WinRAR developers released WinRAR 5.70 Beta 1 on January 28 to address this vulnerability, which is tracked under the identifiers CVE-2018-20250, CVE-2018-20251, CVE-2018-20252, and CVE-2018-20253.

Because the developers lost access to the source code of the UNACEV2.DLL library around 2005, they decided to drop support for the ACE archive format altogether.

Because of WinRAR's extremely large user base, users should expect malware operators to try to exploit this vulnerability in the months and years to come.

Individual users should be careful not to open ACE archives that they receive by email unless they have updated WinRAR first. System administrators at large organizations should also warn their employees against opening these files without first updating WinRAR.

Exploit vendors already expressed interest last year in purchasing vulnerabilities in file compression utilities, offering to pay up to US$100,000 for a remote code execution flaw in WinRAR, 7-Zip, WinZip (on Windows) or tar (on Linux).

The reason is that these types of applications are almost always installed on business or home computers and provide an ideal attack surface for hackers or government entities.
