Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users.
The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on victims’ machines – simply by persuading them to open a file, researchers with Check Point Software said on Wednesday.
“We found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer,” said Nadav Grossman with Check Point in the analysis. “The exploit works by just extracting an archive, and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format.”
I'm confused. This just sounds little different from "if you download some malware and install it on your computer, you now have malware on your computer".
Elijah Fisher
After feeding this news into my jew-to-goy translator I got the following…WinRar now compromised. We can now corrupt your archives, goy. Payed solution incoming.
Kayden Lopez
Developed by an alcoholic who drank himself to death.
Adam Torres
The cianiggers suicided him for making non-pozzed software. Now you have POZWARE only, no more software!
the slight difference is between opening a file and running a program
Elijah Bennett
LOL
Jackson Taylor
Which format is that Kuntbrockman?
Cooper Roberts
Only a very slight difference. Most malwares run as soon as you open the file. That's why you scan them before opening them and don't download from shady places.
More than 20 Years since he made it, and the creator (Eugene Roshal) still refuses to put the Source Code in the Public Domain.
I don't even know how he's earning any money from it (if any) when literally nobody bought WinRAR ever! Maybe he's on some special Russian government welfare check for as long as he earns below a certain threshold and keeps the program proprietary, he gets "state benefits" or something…
Why do we even compress files anymore? Our harddisks our huge and we have no privacy.
Oliver Murphy
(oh hey I'm gonna hide my mathematical solution to a problem no one's heard of in this zip)
Yoink. Oops oh well guess I can't use a computer to figure anything out now.
Wyatt Nguyen
You can keep using an old HDD instead of buying a new one. If stuff like MP3 and AVI didn't exit, your media files would be fucking huge. Well it doesn't make sense to zip those, since they're already compressed, but it does make sense to compress stuff like ISO's or other disk images that might have lots of empty blocks. I collect 80's computers software and have tons of zip files for that reason. The other thing archives give you is a checksum of the files inside. So you can tell if they got corrupted or not.
I read some time back that they had some shit in an exe file and your shit would get stinky if you opened it. Devs even said if someone was so foolish they deserved it. That was long ago i read that. Winrar.
Caleb Gonzalez
yes, that sad terrible genetics jew face is accurate.
James Baker
...
Chase Lopez
How did you find this sight anthony burch?
Ryder Howard
I believe they largely made money from suing major companies that used their program without paying or companies that worry about being sued.
Daniel Richardson
People still use WinRAR? Don't get me wrong, it was good for a time but it was replaced with better alternatives.
Grayson Cox
Did we put enough emotionally manipulative words and phrases in to totally exaggerate this or what? Hello? Tel aviv?
Andrew Hernandez
Questions answered: It's only a problem for the .ace file type. Not common, but I have a few. .zip is for plebs, .rar is for "look at me I'm on the dark web torrentin' warez", and .ace is for "fuck you posers, I am fucking Neo and when the time comes, I won't have to"
Liam Taylor
read it again … any ACE file that comes with a RAR extension will still be opened by the same compromised program and hand over control to the haxx0rs
