WinRAR patch is issued but the unpatched are at risk
In a March 19th 2019 article at techxplore.com, Nancy Cohen reports
on how Window's users who use the third party WinRAR archive utility
but who are not yet using the latest version 5.7 update are potentially
vulnerable to "booby trapped" malicious archive files.
Quote:
Originally Posted by Nancy Cohen, TechExplore
"The absolute path traversal made it possible for archive files to extract to the Windows startup folder (or any other folder of the archive creator's choosing) without generating a warning," said Dan Goodin in Ars Technica. "From there, malicious payloads would automatically be run the next time the computer rebooted."
McAfee, meanwhile, said they identified over 100 unique exploits. And they are still in counting mode.
Yep I switched to 7Zip years ago never looked back. I only archive to zip format as its most stable and portable so best chance of opening in years to come. It also opens every archive format I throw at it too. None of these WinZip and WinRar issues anymore. I find it odd that anyone uses those programs anymore.