19-year old vulnerability found in WinRAR

Posted on Friday, February 22 2019 @ 10:45 CET by Thomas De Maesschalck
Security researchers from Check Point discovered a dangerous security vulnerability in the WinRAR archiving software. The vulnerability stems from a bug in the parsing of the ACE archive format and can result in code execution. The most remarkable thing about this security flaw is that it went undetected for 19 years! Details can be read over here.
In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format.
The software that was used to create ACE packages hasn't been updated since 2007, and the company that made it no longer exists. As such, WinRAR decided to take the easy way out by simply removing ACE support. All versions newer than WinRAR 5.70 beta 1 no longer contain the vulnerable UNACEV2.DLL.
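Because the fix consists of dropping the component rather than patching it, the practical check on a Windows fleet is whether UNACEV2.DLL is still present, and, until it is gone, whether any ACE archives are sitting where users might open them. The script below is an added example for that purpose; it is not code from this page, from Check Point or from WinRAR. It relies on the ACE header layout (the 7-byte signature "**ACE**" at offset 7, after a 2-byte CRC, a 2-byte header size, a 1-byte type and 2-byte flags) and assumes the usual WinRAR install directories under Program Files; the sample tree it builds for a stand-alone run is constructed, not real data.

```python
"""Defender-side checks for the WinRAR ACE issue: find leftover UNACEV2.DLL
copies and identify ACE archives by signature rather than by extension.
Added example; not code from the page, Check Point or WinRAR."""
import os
import tempfile
from pathlib import Path
from typing import Iterable, List

# ACE archive headers carry "**ACE**" at offset 7 (after a 2-byte header CRC,
# a 2-byte header size, a 1-byte header type and a 2-byte flags field).
ACE_SIGNATURE = b"**ACE**"
ACE_SIGNATURE_OFFSET = 7

# Component named on the page; the install directories are assumptions.
VULNERABLE_DLL = "UNACEV2.DLL"
DEFAULT_WINRAR_DIRS = [
    Path(os.environ.get("ProgramFiles", r"C:\Program Files")) / "WinRAR",
    Path(os.environ.get("ProgramFiles(x86)", r"C:\Program Files (x86)")) / "WinRAR",
]


def is_ace_archive(data: bytes) -> bool:
    """True if the leading bytes of a file carry the ACE header signature."""
    end = ACE_SIGNATURE_OFFSET + len(ACE_SIGNATURE)
    return len(data) >= end and data[ACE_SIGNATURE_OFFSET:end] == ACE_SIGNATURE


def find_ace_archives(root: Path) -> List[Path]:
    """Walk a directory tree and return files that are ACE archives, whatever
    their extension says (a renamed .ace is still parsed as ACE)."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(ACE_SIGNATURE_OFFSET + len(ACE_SIGNATURE))
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        if is_ace_archive(head):
            hits.append(path)
    return hits


def find_vulnerable_dll(search_dirs: Iterable[Path]) -> List[Path]:
    """Return every UNACEV2.DLL still present in the candidate directories."""
    found = []
    for d in search_dirs:
        candidate = Path(d) / VULNERABLE_DLL
        if candidate.is_file():
            found.append(candidate)
    return found


def build_sample_tree() -> Path:
    """Create a constructed directory tree for a stand-alone run: one file with
    an ACE header, one text file, and a fake (empty) UNACEV2.DLL."""
    root = Path(tempfile.mkdtemp(prefix="ace-check-"))
    # Constructed ACE header: CRC, size, type, flags, then the signature.
    ace_header = b"\x00\x00\x31\x00\x00\x00\x00" + ACE_SIGNATURE + b"\x00" * 10
    (root / "archive.dat").write_bytes(ace_header)
    (root / "notes.txt").write_text("not an archive\n")
    (root / "WinRAR").mkdir()
    (root / "WinRAR" / VULNERABLE_DLL).write_bytes(b"")  # placeholder, not the real DLL
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    print("ACE archives found:", [str(p) for p in find_ace_archives(sample)])
    print("UNACEV2.DLL present in:", [str(p) for p in find_vulnerable_dll(
        list(DEFAULT_WINRAR_DIRS) + [sample / "WinRAR"])])
```

On a real host, drop the sample tree and point `find_ace_archives` at download and mail-attachment folders; a non-empty result from `find_vulnerable_dll` over `DEFAULT_WINRAR_DIRS` means the installation predates the removal and should be updated.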


About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.