Subj : Security Advisory on RAR
To   : All
From : Matthew Munson
Date : Sat Mar 16 2019 11:12 am

Upgrade to 5.70 ASAP

https://www.ghacks.net/2019/02/21/winrar-has-a-critical-security-bug-here-is-the-fix/

WinRAR has a critical security bug: here is the fix
by Martin Brinkmann on February 21, 2019 in Security - 33 comments
WinRAR is a very popular software to create and extract archives on Windows and 
other 
supported operating systems. Part of its popularity comes from its support for 
different 
types of packing formats, another that the software's trial version never 
expires.

A bug was discovered recently that affects all versions of WinRAR prior to 
5.70. The bug, 
a remote code execution vulnerability, affects all WinRAR versions and thus all 
500 
million users that use the application.

Security researchers discovered a flaw in a library that WinRAR uses to extract 
files from 
archives packed with the ACE format.

Attackers can exploit the vulnerability by pushing specially prepared archives 
to user 
systems. The bug can be abused to extract the files into any folder on the 
system 
instead of the folder selected by the user or the default folder for extracted 
files. 
--- Platinum Xpress/Win/WINServer v7.0
 * Origin: Inland Utopia BBS * Ontario, CA * iutopia.dtdns.net (1:218/109)

.