1. Overview
WinRAR, one of the world’s most popular archive utilities, has a serious vulnerability in its unacev2.dll library, according to Check Point researchers. The library has not been actively used since 2005. Its main function is to parse ACE format files. ACE is a very old compression format, dating back to the 1990s.
2. Vulnerability hazards
An attacker can craft a malicious ACE file. When the victim extracts it with WinRAR, it triggers a path traversal vulnerability in unacev2.dll that extracts the file to a path of the attacker’s choice, for example placing a malicious program in the system’s startup folder so that it runs automatically the next time the user reboots. According to the researchers, it is also possible to extract malicious programs to other computers in combination with SMB sharing.
3. Defensive measures
WinRAR no longer supports the ACE compression format, and unacev2.dll was removed last month, Check Point researchers said. The latest version of WinRAR, 5.70 Beta, fixes this problem.
Download: www.win-rar.com/affdownload…
If you use other software, upgrade it to the latest version or delete the unacev2.dll file from its installation directory.
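One way to act on the measure above across a directory tree, as an added example that is not from the original article or from Check Point: it lists every copy of unacev2.dll and every file that carries the ACE signature regardless of its extension. The `**ACE**` signature at byte offset 7 comes from the ACE file format rather than from this page, and the function names are hypothetical.

```python
import os
import sys

# ACE archive signature and its position (format knowledge, an assumption not stated in the article)
ACE_MAGIC = b"**ACE**"
ACE_MAGIC_OFFSET = 7
DLL_NAME = "unacev2.dll"


def is_ace_archive(path):
    """Return True if the file carries the ACE signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            fh.seek(ACE_MAGIC_OFFSET)
            return fh.read(len(ACE_MAGIC)) == ACE_MAGIC
    except OSError:
        return False  # unreadable file: skip it rather than abort the scan


def scan(root):
    """Walk root and return (dll_paths, ace_paths), both sorted."""
    dlls, aces = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == DLL_NAME:      # Windows file names are case-insensitive
                dlls.append(full)
            elif is_ace_archive(full):
                aces.append(full)
    return sorted(dlls), sorted(aces)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found_dlls, found_aces = scan(root)
    for p in found_dlls:
        print("unacev2.dll present:", p)
    for p in found_aces:
        print("ACE archive:", p)
    # Non-zero exit status lets a scheduled job or deployment check flag the host
    sys.exit(1 if found_dlls or found_aces else 0)
```

Run it against software installation directories to find leftover copies of the DLL, or against download and mail attachment folders to find ACE archives that should not be opened with an unpatched extractor.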
4. Vulnerability analysis and reproduction
WinRAR code execution vulnerability analysis and exploitation
5. Notes
This article was compiled by Hetian Net Security Laboratory.
Original article: Extracting a 19 Year Old Code Execution from WinRAR – Check Point Research, research.checkpoint.com/extracting-…