Best Top Reviews Online

Due To The Lack Of Auto-updates, A Patched WinRAR Flaw Is Still Being Exploited

Diverse cybercriminal organizations and lone hackers continue to exploit a recently patched critical code execution flaw in WinRAR, a popular Windows file compression application with 500 million users worldwide.

Why? Due to the absence of an auto-update function, millions of WinRAR users are unfortunately vulnerable to cyber attacks.

The critical vulnerability (CVE-2018-20250) patched by the WinRAR team late last month with the release of WinRAR version 5.70 beta 1 affects all previous versions of WinRAR released over the past 19 years.

For those unaware, the vulnerability is the “Absolute Path Traversal” bug that resides in the old third-party library UNACEV2.DLL of WinRAR and enables attackers to extract a compressed executable file from an ACE archive to one of the Windows Startup folders, where the malicious file would run automatically upon the next reboot.

Therefore, to successfully exploit this vulnerability and take complete control of the affected computers, an attacker only needs to convince users to open a maliciously-crafted compressed archive file with WinRAR.

As soon as the details and proof-of-concept (PoC) exploit code were made public, malicious attackers began exploiting the vulnerability in a malspam email campaign to install malware on the computers of users running the vulnerable version of the software.

Now, security researchers from McAfee have reported discovering more than “100 unique exploits and counting” in the first week following the vulnerability’s public disclosure, with the majority of initial targets residing in the United States.

One recent campaign discovered by the researchers rides on a pirated copy of a hit album by Ariana Grande, which is currently detected as malware by only 11 security products, while 53 antivirus products fail to warn users at the time of writing.

The malicious RAR file (Ariana Grande-thank u, next(2019) [320].rar) detected by McAfee extracts a list of harmless MP3 files to the victim’s download folder but also drops a malicious EXE file to the startup folder, which is intended to infect the victim’s computer with malware.

The researchers explain, “When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious payload is created in the Startup folder.”

“User Access Control (UAC) is bypassed, so the user is not prompted. When the system restarts, the malware is executed.”

Unfortunately, such campaigns are still active, and the best way to protect yourself is to update your system as soon as possible by installing the most recent version of WinRAR and avoid opening files received from unknown sources.

Why Trust Us?

Best Top Reviews Online was founded in 2018 to provide our readers with thorough, unbiased, and independent advice on what to buy. We now have millions of monthly users from all over the world and evaluate over 1,000 products per year.

The article above was written by the BestTopReviewsOnline team, which includes many of the US’s most knowledgeable technical experts. Our team includes well-known writers with extensive experience in mobile phones, computing, technology, photography, and other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of