Has patched a 19-year-old security vulnerability that allowed attackers to extract malicious software to anywhere on your hard drive. The vulnerability was discovered by researchers at Check Point Software Technologies, who realised that WinRAR’s support for the effectively defunct ACE archive format meant that it was still relying on an insecure and dated DLL file from 2006.
After the security researchers informed WinRAR of their findings, the team patched the vulnerability with version 5.70 beta 1 of the software. Rather than attempt to fix the issue, the team opted to drop support for ACE archives entirely, which was probably the sensible option considering the only program capable of creating the archives, WinACE, hasn’t been updated since 2007.
https://www.theverge.com/2019/2/21/18234448/winrar-winace-19-year-old-vulnerability-patched-version-5-70-beta-1
origin - https://www.pipiscrew.com/2019/02/winrar-patches-19-year-old-security-vulnerability-that-put-millions-at-risk/ winrar-patches-19-year-old-security-vulnerability-that-put-millions-at-risk