Skip to content

DEV Community

Andrew (he/him)

Posted on Feb 20, 2019

14-Year-Old Security Hole Found in WinRAR

#news #link

Details at arstechnica:

"The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing, rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits."

Top comments (3)

Subscribe

Olivier “Ölbaum” Scherler • Feb 20 '19

And it wasn’t noticed earlier because it only affects people who bought WinRAR? ;-)

Sébastien Vercammen • Feb 22 '19

19-year old bug.

Researchers who found it, and how: research.checkpoint.com/extracting...

Andrew (he/him) • Feb 22 '19

Wow! That's a really detailed explanation!

🌚 Friends don't let friends browse without dark mode.

Sorry, it's true.

Read next

Google I/O 2023 announced !

Thomas Bnt - Mar 11

Everything You Need to Know About the Updated React Docs

Kathryn Grayson Nanz - Mar 17

What I've been reading (week 7, 2023)

Phil Wolstenholme - Feb 18

Amazon VPC Lattice — Build Applications, Not Networks

Serhii Vasylenko - Mar 17

Andrew (he/him)

Got a Ph.D. looking for dark matter, but not finding any. Now I code full-time. Je parle un peu français.

Location

Ottawa, Canada
Education

Ph.D. in [Astroparticle] Physics
Work

Senior Software Developer at Improving
Joined

Sep 15, 2018

Code is Political

#blacklivesmatter #politics #history #news

20 Reasons to Move On from Java 8

Darwinism in Programming Language Proliferation

#news #discuss #languagetheory

OpenAI

How will ChatGPT will affect the future of coding?

We're not sure either, but the DEV community is figuring this out together.

Create a DEV account. It only takes a minute and is 100% free.

New AI content every day.