바로가기

Security Alert



A Vulnerability in all WinRAR versions 2019-02-28

Overview and Impact of the vulnerabilities:

WinRAR is a Windows data compression/decompression tool that can be used to create and view RAR or ZIP compression files and decompress files of various compression formats. As the most popular compression tool, WinRAR has more than 500 million users around the world. A vulnerability has been discovered in UNACEV2.dll in WinRAR, which does not properly sanitize file names when decompressing .ace files, leading to directory traversal. This indicates that an attacker could write a malicious file to an arbitrary path, thus making it possible to plant a backdoor trojan. This vulnerability has been in WinRAR for more than 19 years. Now WinRAR has to completely stop supporting the vulnerable format (.ace). An attacker could exploit this vulnerability by crafting an archive and then tricking victims into downloading it by means of a phishing email, net disk, or forum. When a victim opens this malicious file with WinRAR, the attack is complete.


Vulnerable or affected version:
• All versions prior to WinRAR 5.70 Beta 1
Risk: All Government and Business entities which use WinRAR, the risk is High.

Solutions (Mitigations):
Rw-CSIRT is strongly recommending Users or Administrators the following actions be taken:
1) When you upgrade to WinRAR 5.70 Beta 1, it s UNACEV2.dll so as not to decompress .ace files. Therefore, users are recommended to upgrade WinRAR to 5.70 Beta 1 version to protect against this vulnerability.
• 32-bit: http://win-rar.com/fileadmin/winrar-versions/wrar57b1.exe
• 64-bit: http://win-rar.com/fileadmin/winrar-versions/winrar-x64-57b1.exe
2) All users are reminded NOT to visit untrusted websites or open links provided by unknown or untrusted sources.
3) Users who cannot upgrade to the latest version for the time being can protect against this vulnerability by deleting UNACEV2.DLL from the WinRAR installation directory.
Affected users should: contact Rw-CSIRT by calling us on 4045 or writing to security@risa.rw

References:
https://thehackernews.com/2019/02/winrar-malware-exploit.html
- Previous Mozilla Firefox Security released
- Next Alert – Critical Patches issued for Microsoft Products
list