With over a decade of writing experience in the field of technology, Chris has written for a variety of publications including The New York Times, Reader's Digest, IDG's PCWorld, Digital Trends, and MakeUseOf. Chris has personally written over 2,000 articles that have been read more than one billion times, and that's just here at How-To Geek.

WinRAR reportedly has 500 million users worldwide, and we're certain most of those users haven't yet heard of this bug and updated WinRAR.

Chris Hoffman is the former Editor-in-Chief of How-To Geek.

We're also extremely disappointed that WinRAR's website doesn't highlight information about this security flaw and instead buries it in WinRAR's release notes. WinRAR doesn't automatically update itself. However, unless you've heard of this "path traversal" flaw already, you may be at risk. WinRAR contained an ancient DLL from 2006 to enable support for ACE archives, and that file has now been removed from the latest versions of WinRAR, which no longer support ACE archives. This serious flaw was found by researchers at Check Point Software Technologies.

When you extract the file with a vulnerable version of WinRAR, it can automatically place malware in your Startup folder without any additional user action. An attacker simply needs to create a specially crafted ACE archive and give it the. Specifically, this flaw is a result of WinRAR's ACE file support.