Si on ouvre une archive piégée avec une version non mise à jour de Winrar, un exe peut être copié dans le repertoire start up de Windows et executé au prochain démarrage du système.
La faille se trouverait dans une vieille librairie dll de ace.
Winrar a décidé de ne plus supporter le format ace pour retirer cette librairie.
Here is how it works. You open the wrong rar file with an unpatched version of winrar and a payload is dropped in to your windows startup folder. Which means on reboot you will load up an exe.
[...]
The .dll file that contains the actual bug is unacev2.dll because the bug is in ACE, not in winrar. Winrar has just dropped support for ACE in 5.7 and removed the .dll file from their install. All software with ACE support is vulnerable which is not just winrar but also software like Total Commander among others.
https://www.reddit.com/r/Bitcoin/comments/ayoz1k/hey_everybody_patch_your_winrar_or_lose_coins/https://bitcoinexchangeguide.com/winrar-exploit-allows-coin-wallet-theft-but-it-has-survived-14-years-without-any-public-knowledge/
