Subj : Security Advisory on RAR
To : All
From : Matthew Munson
Date : Sat Mar 16 2019 11:12 am
Upgrade to 5.70 ASAP
https://www.ghacks.net/2019/02/21/winrar-has-a-critical-security-bug-here-is-the-fix/
WinRAR has a critical security bug: here is the fix
by Martin Brinkmann on February 21, 2019 in Security - 33 comments
WinRAR is a very popular software to create and extract archives on Windows and other supported operating systems. Part of its popularity comes from its support for different types of packing formats, another that the software's trial version never expires.
A bug was discovered recently that affects all versions of WinRAR prior to 5.70. The bug, a remote code execution vulnerability, affects all WinRAR versions and thus all 500 million users that use the application.
Security researchers discovered a flaw in a library that WinRAR uses to extract files from archives packed with the ACE format.
Attackers can exploit the vulnerability by pushing specially prepared archives to user systems. The bug can be abused to extract the files into any folder on the system instead of the folder selected by the user or the default folder for extracted files.
--- Platinum Xpress/Win/WINServer v7.0
* Origin: Inland Utopia BBS * Ontario, CA * iutopia.dtdns.net (1:218/109)
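
Added example, not part of the original message or the quoted article: the advisory says a crafted archive can make files land outside the folder the user selected. The Python sketch below shows the kind of check an extraction tool or file gateway can apply to member names before writing anything. The function names, the destination D:\Extract and the sample listing are assumptions constructed for illustration; it does not parse ACE or RAR files.

```python
from pathlib import PureWindowsPath


def escape_reason(member_name):
    """Return why a member name could land outside the chosen folder, or None."""
    path = PureWindowsPath(member_name)  # Windows path rules, evaluated on any OS
    if not path.parts:
        return "empty name"
    if path.drive:   # "C:\x", drive-relative "C:x", or UNC "\\host\share\x"
        return "drive or UNC prefix"
    if path.root:    # "\x" or "/x": rooted on the current drive
        return "rooted path"
    if ".." in path.parts:  # climbs out of the destination folder
        return "parent-directory component"
    return None


def plan_extraction(dest, member_names):
    """Split names into {name: target under dest} and {name: rejection reason}."""
    accepted, rejected = {}, {}
    for name in member_names:
        reason = escape_reason(name)
        if reason:
            rejected[name] = reason
        else:
            accepted[name] = str(PureWindowsPath(dest) / name)
    return accepted, rejected


# Constructed member listing (hypothetical names, not taken from a real archive).
SAMPLE_NAMES = [
    "docs/readme.txt",
    "photos\\2019\\img001.jpg",
    "..\\..\\outside.txt",
    "C:\\other\\folder\\file.exe",
    "\\\\host\\share\\file.exe",
    "/rooted/file.txt",
]

if __name__ == "__main__":
    ok, bad = plan_extraction("D:\\Extract", SAMPLE_NAMES)
    for name, target in ok.items():
        print("extract", name, "->", target)
    for name, reason in bad.items():
        print("REJECT ", name, ":", reason)
```

The check is lexical only; a tool that writes to disk should also confirm the final resolved path is still under the destination folder.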