WinRaR security alert.
Posted: Sat Mar 23, 2019 7:29 pm
If anyone is using WinRaR, you need to update to the latest version. A vulnerability was found in the ACE compressed file format that allows any file being decompressed from an ACE archive to escape from the target directory and traverse backward up the directory tree, otherwise known as an "absolute path traversal vulnerability". WinRaR determines the type of the archive by inspection, not by believing the file extension. So an attacker could rename the ACE file with a RAR extension and you might think you are downloading a RAR compressed file when in fact you are downloading a potentially malicious ACE compressed file. There have been found more than 100 different exploits in the wild attempting to take advantage of this vulnerability.