19-year-old vulnerability discovered in WinRAR, fixed in 5.70 beta 1

Written over 1 year ago by IanDorfman

A code vulnerability in WinRAR that existed for 19 years before being discovered has now been patched out of the popular Windows archive extraction program.

As WinRAR's developers described in the changelog for version 5.70 beta 1:

"Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library. Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users.

We are thankful to Check Point Software Technologies for reporting this issue."

Though this is less a fix than the removal of ACE archive support, it was still likely the more sensible move: the sole program that can create ACE archive files, WinAce, has not been updated since November of 2007. The risk from leaving the vulnerability in far outweighed the usefulness of ACE archives at this point.

In any case, all WinRAR users are strongly advised to update their installation of the utility using the links found here. Remember to choose "WinRAR 5.70 Beta 2 64bit" to ensure your installation does not have this vulnerability (or the "WinRAR 5.70 Beta 2 32bit" version if you are using legacy machines with 32-bit CPUs).
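To confirm an update actually removed the vulnerable component, the following added example (not code from WinRAR or Check Point) walks a directory tree, reports leftover copies of UNACEV2.DLL, and flags ACE archives by content rather than by file extension. The signature `**ACE**` at byte offset 7 is stated here from the ACE format, not from the article; the sample tree and file names are constructed.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"   # signature in the ACE main header (assumption: not from the article)
ACE_MAGIC_OFFSET = 7     # follows 2-byte CRC, 2-byte size, 1-byte type, 2-byte flags
VULNERABLE_DLL = "unacev2.dll"


def is_ace_archive(path):
    """True if the file carries the ACE signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    except OSError:
        return False  # unreadable or missing files are skipped, not treated as ACE
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC


def audit_tree(root):
    """Walk root; return (paths of UNACEV2.DLL copies, paths of ACE archives)."""
    dll_hits, ace_hits = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == VULNERABLE_DLL:   # Windows file names are case-insensitive
                dll_hits.append(full)
            elif is_ace_archive(full):
                ace_hits.append(full)
    return sorted(dll_hits), sorted(ace_hits)


def build_sample_tree(root):
    """Constructed sample data: a fake install folder and four small files."""
    os.makedirs(os.path.join(root, "WinRAR"))
    os.makedirs(os.path.join(root, "downloads"))
    ace_header = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    samples = {
        os.path.join("WinRAR", "UNACEV2.DLL"): b"MZ placeholder, not a real DLL",
        os.path.join("downloads", "old_backup.ace"): ace_header,
        os.path.join("downloads", "renamed_sample.bin"): ace_header,
        os.path.join("downloads", "photos.rar"): b"Rar!\x1a\x07\x00" + b"\x00" * 16,
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        dlls, aces = audit_tree(tmp)
        print("UNACEV2.DLL copies:", dlls)
        print("ACE archives by signature:", aces)
```

On a real machine, point `audit_tree` at the WinRAR installation folder and at any share or mail quarantine where archives accumulate; an empty first list after updating means the library is gone.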

Further coverage:
Check Point Research
The Verge
gHacks Tech News
Engadget
WinRAR changelog