Computer & Information Networking Center

Important information security alert

WinRAR unzip software major security flaw exposed
  • Date: 2019-03-21

The well-known utility WinRAR has a major security vulnerability. All users should update WinRAR as soon as possible.

Foreword:

WinRAR is a utility used to compress and extract files on Windows systems. It handles ACE, CAB, ISO, XZ, ZIP, and 7z archives. It is sold with a free trial; once the trial ends, a purchase notification pops up. The software remains usable after that, but it does not update itself automatically.

In February 2019, Check Point disclosed a vulnerability in WinRAR. Attackers have used it to plant malware in users' startup procedure. To date, over 100 attacks have been recorded, and the number is still increasing.

Breach Description:

Attackers exploit a weakness in the DLL module that WinRAR uses to parse ACE archives. Because the DLL module handles extraction paths imprecisely, a directory traversal vulnerability lets attackers extract files to any path. As long as they induce a user to open a malicious ACE archive (an .ACE file can be renamed to .RAR), attackers can extract malware into the system startup folder. When the system reboots, the malware runs automatically.
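The directory traversal described above comes down to an extractor trusting the path stored in an archive entry. The following is an added example, not WinRAR's code or its fix: a general pre-extraction check that takes entry names as plain strings (reading ACE archives is out of scope) and reports names that would land outside the chosen folder. The function names, the destination folder and the sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics; runs on any OS

# Path fragment shared by the per-user and all-users Startup folders.
STARTUP_FRAGMENT = "\\start menu\\programs\\startup"

def entry_findings(dest_dir, entry_name):
    """Return a list of reasons an archive entry name is unsafe to extract."""
    name = entry_name.replace("/", "\\")
    findings = []
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        findings.append("absolute path")
    # join() lets a drive or rooted name override dest_dir, as a naive
    # extractor would; normpath() then collapses any "..\" components.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest_dir, name)))
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    # Compare with a trailing separator so "out" does not match "outside".
    if target != dest and not target.startswith(dest + "\\"):
        findings.append("escapes extraction directory")
    if STARTUP_FRAGMENT in target:
        findings.append("targets Startup folder")
    return findings

def scan(dest_dir, entry_names):
    """Map each unsafe entry name to its findings; safe entries are omitted."""
    report = {}
    for name in entry_names:
        findings = entry_findings(dest_dir, name)
        if findings:
            report[name] = findings
    return report

# Constructed sample data (hypothetical destination and entry names).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE = [
    r"docs\readme.txt",
    r"docs\..\notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    r"C:\Windows\Temp\y.dll",
    "../outside.txt",
]

if __name__ == "__main__":
    for name, reasons in scan(DEST, SAMPLE).items():
        print(f"BLOCK {name}: {', '.join(reasons)}")
```
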

Recommended Protection Steps:

  1. WinRAR released a fixed version on February 28th. Updating as soon as possible is recommended.
  2. Use other archive extraction software.

Reference:
https://ithome.com.tw/news/128995
https://www.ithome.com.tw/news/129402