![]() Attackers could rename ACE files to RAR or ZIP, and WinRAR would handle them just fine. WinRAR uses the content of the file to determine the archive format that was used to compress the files means, it is not enough to avoid any ACE files for the time being. The researchers published a video that demonstrates the exploit. ![]() ![]() Tip: Find out how to repair and extract broken WinRAR archives.Īttackers could select to extract files to Windows' startup folder so that programs are executed on the next start of the system. The bug can be abused to extract the files into any folder on the system instead of the folder selected by the user or the default folder for extracted files. Security researchers discovered a flaw in a library that WinRAR uses to extract files from archives packed with the ACE format.Īttackers can exploit the vulnerability by pushing specially prepared archives to user systems. The bug, a remote code execution vulnerability, affects all WinRAR versions and thus all 500 million users that use the application. A bug was discovered recently that affects all versions of WinRAR prior to 5.70.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |