19-Year-Old WinRAR Flaw Plagues 500 Million Users

Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users.

The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on victims’ machines – simply by persuading them to open a file, researchers with Check Point Software said on Wednesday.

“We found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer,” said Nadav Grossman with Check Point in the analysis. “The exploit works by just extracting an archive, and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format.”

more here:

Attached: fuzzing.jpeg (800x533, 52.43K)

I bought the license and this is how I'm rewarded

Attached: Chap_96_Chrollo_cries.png (683x302, 81.85K)

Shoulda just used 7zip dude.

The real winners are those who actually threatened to buy Winrar, and followed through with the threat.

shiggy diggy doo

Attached: frog01.ans.png (640x368, 5.21K)

Thats just Russian spyware

Lucky for me I use winzip

Top fucking kek.

Attached: harland-williamsjpg-870dc6181f6db4de_large.jpg (432x521, 44.13K)

I'm confused. This just sounds little different from "if you download some malware and install it on your computer, you now have malware on your computer".

After feeding this news into my jew-to-goy translator I got the following…WinRar now compromised. We can now corrupt your archives, goy. Payed solution incoming.

Developed by an alcoholic who drank himself to death.

The cianiggers suicided him for making non-pozzed software. Now you have POZWARE only, no more software!

Attached: xcopyxmas92ger.png (640x400, 20.25K)


the slight difference is between opening a file and running a program


Which format is that Kuntbrockman?

Only a very slight difference. Most malwares run as soon as you open the file. That's why you scan them before opening them and don't download from shady places.

PeaZip all the way!

Attached: 600px-Peazip_ico.svg.png (600x600, 41.83K)

Like it's relevant at all these days.

More than 20 Years since he made it, and the creator (Eugene Roshal) still refuses to put the Source Code in the Public Domain.

I don't even know how he's earning any money from it (if any) when literally nobody bought WinRAR ever! Maybe he's on some special Russian government welfare check for as long as he earns below a certain threshold and keeps the program proprietary, he gets "state benefits" or something…

Attached: Yevgenii-Lazarevich-Roshal.jpg (229x292, 8.97K)

I bet tons of people do.

Why do we even compress files anymore? Our harddisks our huge and we have no privacy.

(oh hey I'm gonna hide my mathematical solution to a problem no one's heard of in this zip)

Yoink. Oops oh well guess I can't use a computer to figure anything out now.

You can keep using an old HDD instead of buying a new one. If stuff like MP3 and AVI didn't exit, your media files would be fucking huge. Well it doesn't make sense to zip those, since they're already compressed, but it does make sense to compress stuff like ISO's or other disk images that might have lots of empty blocks. I collect 80's computers software and have tons of zip files for that reason.
The other thing archives give you is a checksum of the files inside. So you can tell if they got corrupted or not.

Attached: foo.png (1360x748, 145.7K)

I read some time back that they had some shit in an exe file and your shit would get stinky if you opened it. Devs even said if someone was so foolish they deserved it. That was long ago i read that. Winrar.

yes, that sad terrible genetics jew face is accurate.


How did you find this sight anthony burch?

I believe they largely made money from suing major companies that used their program without paying or companies that worry about being sued.

People still use WinRAR? Don't get me wrong, it was good for a time but it was replaced with better alternatives.

Did we put enough emotionally manipulative words and phrases in to totally exaggerate this or what? Hello? Tel aviv?

Questions answered: It's only a problem for the .ace file type. Not common, but I have a few. .zip is for plebs, .rar is for "look at me I'm on the dark web torrentin' warez", and .ace is for "fuck you posers, I am fucking Neo and when the time comes, I won't have to"

read it again … any ACE file that comes with a RAR extension will still be opened by the same compromised program and hand over control to the haxx0rs