Check Point cyber security experts: A 2005 flaw in WinRAR could let a malicious hacker to gain full control over a victim’s computer, thanks to Watering Hole an Spear Phishing cyber attacks
An old and never patched flaw in WinRAR could let a malicious hacker to gain full control over a victim’s computer, using the WinAFL fuzzer. It has been discovered by Check Point cyber security experts. This, thanks to Watering Hole or Spear Phishing cyber attacks that could affect over 500 million users worldwide. The software, in fact, is the world’s most popular compression tool today. The problems arise from gaps in the management of inputs within the “unacev2.dll” library, dating back to 2005 and part of the software, where experts have identified multiple possibilities of abuse when opening archives in ACE format. An attacker, exploiting the flaw, could steal the user’s NTLM hashes to retrieve their credentials, and infect the victim host, placing persistent malware or backdoors within it. the developers have confirmed the issue for all recent WinRAR versions, releasing the 5.70 beta 1 update.
Yoroi-Cybaze researchers suggest evaluating the blocking of the “ACE” archives within own perimeter, if not commonly used for work purposes
According to Yoroi-Cybaze cyber security experts, in-the-wild attacks using these vulnerabilities have not been detected at the moment. But the availability of technical details of the flaw in WinRAR and the technique to exlploit it, could led to cyber attacks against users. So, the researchers suggest evaluating the blocking of the “ACE” archives within own perimeter, if not commonly used for work purposes. However, WinRAR developers decided to drop UNACEV2.dll from their package, and the software doesn’t support ACE format from version number: “5.70 beta 1”. In any case is better to update the tool as soon as possible to avoid possible problems.