WinRAR is a powerful archival tool that has been available for the past 23 years, allowing users to unpack and create RAR, ZIP, and other archive files.
But recently, a collection of security researchers at Check Point Software Technologies have discovered that a vulnerability that could allow malicious individuals to take advantage of users’ machines running the software, implanting startup programs without any needed authorization from the user.
Most users who had used WinRAR around the turn of the century most likely remember the software for its 40-day trial that could easily be bypassed — allowing for continuous use after the initial trial period.
WinRAR still exists today, which is why the company quickly patched its software after learning about the vulnerability, adding a fix in version 5.7 beta 1 for an update that is long overdue.
The exact details of the dangerous vulnerability came down to a single DLL file — files used by Windows to access libraries of digital information — that enabled exploiters to use an old component from the defunct ACE archive format.
The ACE archive format was last updated in 2007, but WinRAR had decided to continue support for the format until now.