The recent vulnerability of the file compression and decompression program, of files and folders, that allows remote code execution, affects billions of users around the world.

Some researchers from Check Point, an entity dedicated to cybersecurity, revealed the detailed data of this WinRAR flaw, an application that currently has more than 500 millions of users worldwide, which affects all versions of the program released in the last 19 years.

This error lies in the altered handling of an old library, under the name UNACEV2.DLL, by WinRAR through software that causes the program to extract compressed files in the ACE format.

Despite this, the WinRAR application detects the format according to the content of the compressed package, not by its extension, so if attackers decide to change the file extension to .rar, they will make the application not detect it.

Según los técnicos de Check Point, encontraron un error “Absolute Path Traversal” lo que permite al atacante ejecutar código y descargar archivos malicioso en tu sistema.

Se recomienda actualizar a la última versión de WinRAR y que no se descompriman archivos que no conocen su fuente.


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »