#Winrar platform install
RAR files – causing their target users to search out WinRAR to decode the file, even though the archive is an ACE file in reality and using WinRAR to decode it will allow the vulnerability to be leveraged.Ī new version of WinRAR has been issued by the developers which drops support for the ACE format and removes the unacev2.dll file during installation however, WinRAR does not include a mechanism to automatically check for and install updates and so many users remain using vulnerable versions. This feature is being exploited by malware creators, who are naming their infected payloads as. Since WinRAR actively analyses the archive file to determine which unarchive mechanism to use, the Windows file extension is ignored. This means that an archive containing a malware payload which is masquerading as, say, the latest Ariane Grande album (which is one of the more popular active exploits currently) will instead deposit malware into the user’s start-up folder for execution the next time the system is rebooted. The expected bootleg music is also placed in the user’s target folder, so the user is unaware of the additional files installed. The defect in unacev2.dll allows a specially-crafted archive to place its unarchived payload into an arbitrary folder on the system, ignoring any destination folders defined by the user at unarchive time. The bug, which was first reported by Check Point Research, is in a little-used, third-party DLL (Dynamic Linked Library) which decodes ACE archives and was written back in 2005, when coding practices were far less defensive than they are today.
WinRAR is a file archiver/unarchiver for the Windows platform, popular in part as it is distributed as trialware which has led to over 500 million users installing it. A recently disclosed absolute path traversal bug in the WinRAR utility is being actively leveraged in at least 100 unique exploits according to security firm McAfee.
0 kommentar(er)
