top of page

WinRAR security flaw


Many litigation support professionals will have had occasion to install and use the file compression software, WinRAR. WinRAR can compress files in the zip format and extract files in several compression formats.

This past February a security flaw was found in WinRAR that can be exploited to gain control over a user's computer. WinRAR uses a .dll file (named, unacev2.dll) to open ACE files. ACE is a file compression format that was most popular around 2000. WinRAR's dynamic link library does not have adequate protection, and can be used to extract a file to the Windows startup folder. A file named, CMSTray.exe, is extracted there, and is then used to download the Cobalt Strike Beacon pen testing tool. This can give a malicious outside user the ability to control your computer.

The updated version of WinRAR addresses the vulnerability, but it's best to exercise caution when using WinRAR or working with ACE files. WinRAR has been used to distribute malware in other ways. Many anti-virus programs do not adequately protect against the vulnerabilities of ACE files.


Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

​

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

​

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page