
Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

February 21, 2019

Credit: The Hacker News

Beware Windows users… a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide.

Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide, that affects all versions of the software released in the last 19 years.

The flaw resides in the way an old third-party library used by the software, UNACEV2.DLL, handles the extraction of files compressed in the ACE archive format.

Because WinRAR detects the format by the content of the file and not by the extension, attackers can merely change the .ace extension to .rar to make the archive look normal.
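Since the extension cannot be trusted, a defender has to identify ACE archives by content as well. The following is an added example, not code from the article or from WinRAR: it sweeps a folder for files that carry the ACE header signature but are not named `.ace`. The signature string and its offset come from the ACE header layout, not from this page; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"   # signature string in the ACE main header
ACE_MAGIC_OFFSET = 7     # after CRC (2), size (2), type (1), flags (2)


def is_ace_archive(path):
    """Return True if the file content carries the ACE header signature."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC


def find_disguised_ace(root):
    """List files under root that are ACE by content but not named .ace."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if is_ace_archive(full) and not name.lower().endswith(".ace"):
                    hits.append(full)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)


def demo():
    """Write constructed sample files and return the base names flagged."""
    # Constructed sample: 7 placeholder header bytes, then the signature.
    ace_bytes = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 16
    rar_bytes = b"Rar!\x1a\x07\x00" + b"\x00" * 16  # RAR 4.x signature
    samples = {"invoice.rar": ace_bytes, "real.rar": rar_bytes,
               "honest.ace": ace_bytes}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_disguised_ace(tmp)]


if __name__ == "__main__":
    print(demo())
```

The check only looks at the start of the file, so it does not cover ACE data embedded further in, such as self-extracting archives.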

The researchers found an “Absolute Path Traversal” bug in the library that could be leveraged to execute arbitrary code on a targeted system when a vulnerable version of the software is used to uncompress a maliciously crafted archive.

The path traversal flaw allows attackers to extract compressed files to a folder of their choice rather than the folder chosen by the user, leaving an opportunity to drop malicious code into the Windows Startup folder, where it would automatically run on the next reboot.
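The general defence against this class of bug is to resolve every archive member name against the user's chosen folder and refuse anything that lands outside it. The following is an added example of such a check, not the WinRAR fix (which removed the library) and not code from the article; the function names, destination folder and member names are constructed. It uses `ntpath` so that Windows path rules apply on any OS.

```python
import ntpath


def resolve_member(dest_dir, member_name):
    """Return the target path for an archive member, or raise ValueError
    if the name is absolute or resolves outside dest_dir."""
    name = member_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # Reject C:\x, C:x (drive-relative), \\server\share\x and \x (rooted).
    if drive or rest.startswith("\\"):
        raise ValueError("absolute or drive-qualified path")
    base = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(base, name))  # collapses ".."
    # normcase folds case, since Windows paths compare case-insensitively.
    base_cmp = ntpath.normcase(base).rstrip("\\") + "\\"
    if not ntpath.normcase(target).startswith(base_cmp):
        raise ValueError("path escapes the destination folder")
    return target


def audit_members(dest_dir, member_names):
    """Return (name, verdict) pairs without writing anything to disk."""
    results = []
    for name in member_names:
        try:
            resolve_member(dest_dir, name)
            results.append((name, "ok"))
        except ValueError as exc:
            results.append((name, "rejected: %s" % exc))
    return results


# Constructed inputs for illustration only.
SAMPLE_DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_MEMBERS = [
    r"docs\readme.txt",          # ordinary relative member
    "docs/../notes.txt",         # ".." that stays inside the folder
    r"..\..\elsewhere\run.exe",  # relative traversal out of the folder
    r"C:\elsewhere\run.exe",     # absolute path
    r"\\server\share\run.exe",   # UNC path
    r"C:run.exe",                # drive-relative path
]

if __name__ == "__main__":
    for name, verdict in audit_members(SAMPLE_DEST, SAMPLE_MEMBERS):
        print("%-28s %s" % (name, verdict))
```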

As shown in the video demonstration shared by researchers, to take full control over the targeted computers, all an attacker needs to do is convince users to open a maliciously crafted compressed archive file using WinRAR.

Since the WinRAR team had lost the source code of the UNACEV2.dll library in 2005, it decided to drop UNACEV2.dll from its package to fix the issue and released WinRAR version 5.70 beta 1, which doesn’t support the ACE format.

Windows users are advised to install the latest version of WinRAR as soon as possible and avoid opening files received from unknown sources.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)
