• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Vitanium logo

Vitanium

  • Home
  • Products & Services
    • Datahive cloud backup
    • Veeam cloud connect backup
    • Veeam cloud connect for MSPs
    • Veeam Cloud Connect Replication
    • Cloud email filtering
    • Cloud email archiving
    • Virus Protection
  • Solutions
    • Office 365 Solutions
    • Ransomware
    • Business continuity
    • GDPR
    • Backup for education
  • Pricing
    • Datahive backup
    • Veeam cloud connect
    • Cloud email filtering
    • Cloud email archiving
  • Partners
  • About
  • Blog
  • Contact
winrar exploit

Over Half A Billion Affected By WinRAR Vulnerability

February 28, 2019

WinRAR or LoseRAR?

A vulnerability has recently been discovered in WinRAR after 19 years of going undetected. A vulnerability that allows files unpackaged with WinRAR to be added straight to your startup library, meaning malware could be smuggled onto your machine and activate next time you boot up your machine.

Security boffins over at CheckPoint Research announced that over 500 million users of WinRAR are potentially at risk from this software exploit. The exploit that could come into play should a user open a malicious archive, which could have been downloaded from a dodgy website or maybe received in an email.

The specific issue is with a .dll that is used to parse ACE archives named unacev2.dll. ACE is a compression format that was created in the 90s and hasn’t actually been updated since 2005. In fact, the last company to create a program that offered ACE archiving did so in 2007 and it shut down a couple of years ago.

So what do you need to do to make sure you can’t be affected by this exploit? Simply make sure WinRAR is updated to at least version 5.70. WinRAR removed the vulnerability in the latest update after realising it would be very difficult to create a fix, considering they do not have access to the source code and… well no one uses the ACE format anymore anyway!

In their latest patch notes, WinRAR said, “Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library. Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users.

We are thankful to Check Point Software Technologies for reporting this issue.”

With security issues like this going undetected for so many years, it makes you wonder what else could be out there. Maybe hackers know of more that are not in the public domain yet. To make sure your business is prepared for these kinds of attack it is essential to have a data backup solution, completely removing the threat from Malware and Ransomware. Check out Datahive and Veeam to see what suits your company requirements.

Filed Under: blog

Footer

EMEA

Vitanium

Europe, Middle East & Africa
phone + 44 (0)345 258 1500
email info@vitanium.com

America & Asia

Vitanium

10 Lanidex Plaza West Ste 213
Parsippany, NJ 07054
phone +1 973 526-2979
hotline +1 973 526-2988
email info@vitanium.com

Asia Pacific

phone +65 6353 0555
hotline +65 6353 7448
email info@vitanium.com

Newsletter Optin

Sign up to our newsletter for the latest in backup and data protection solutions. No spam - we promise!

  • LinkedIn
  • Twitter

Useful links

  • Home
  • Datahive cloud backup
  • Veeam cloud connect backup
  • Veeam Cloud Connect Replication
  • Office 365 Solutions
  • Cloud email filtering
  • Cloud email archiving
  • Pricing
  • Partners
  • About
  • Complaints

Copyright © 2021 · Vitanium Cloud Limited.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.