DEV Community

Andrew (he/him)
Andrew (he/him)

Posted on

14-Year-Old Security Hole Found in WinRAR

#news #link

Details at arstechnica:

"The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing, rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits."

Top comments (3)

Collapse
 
oscherler profile image
Olivier “Ölbaum” Scherler

And it wasn’t noticed earlier because it only affects people who bought WinRAR? ;-)

Collapse
 
sebvercammen profile image
Sébastien Vercammen

19-year old bug.

Researchers who found it, and how: research.checkpoint.com/extracting...

Collapse
 
awwsmm profile image
Andrew (he/him)

Wow! That's a really detailed explanation!

Read next

furkangozukara profile image

How to Extract LoRA from FLUX Fine Tuning Full Tutorial + Comparison Between Fine Tuning Extraction vs LoRA Training

Furkan Gözükara -

olga_tash profile image

New React DataGrid, Blazing Fast and Feature-Packed

Olga T. -

ssukhpinder profile image

Write for “.Net Programming” on Medium! 🚀

Sukhpinder Singh -

justinparker profile image

+1855(559=^0764)Does Expedia have 24 hour cancellation Policy?

Justin -