Security researchers have discovered a bug in the WinRAR file compression application that actually allow hackers to execute code remotely. The flaw has existed in all versions of the software for the last 19 years.
“We found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer,” said Nadav Grossman of Check Point Software.
“The exploit works by just extracting an archive and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format.”