Security researchers from Check Point discovered a serious vulnerability in the popular WinRAR software. The vulnerability allowed attackers to copy malware into any folder on the computer or network share unnoticed. By copying the file into the startup folder of Windows, the malware would execute every time Windows started.
WinRAR is a so-called file archiver utility and allows users to combine multiple files into one, and/or shrink the file size of files by compressing them. Due to a bug in the decompressing algorithm of the old, compressed file format .ACE, it was possible to install malware on the computer.
The security researchers who discovered the issue reported it to the developers of WinRAR, who immediately released a patch to fix the bug. The fix was rather simple, the developers removed support for the outdated .ACE format.
WinRAR is very popular, worldwide the software is installed on more than 500 million computers. It’s unknown whether the vulnerability has been exploited in the wild. All WinRAR users are advised to update as soon as possible.