After 20 years, an exploit has been found in WinRAR!
While the .ACE archive format has not been widely used in over a decade, WinRAR still supports unpacking it when needed. And since the .ace archive type is no longer widely supported, no attention has been paid to the little .dll file that handles the unpacking. Furthermore, the file extension can be changed from .ace to .rar, giving an unexpected surprise, as WinRAR still reads the file as an .ace file despite the extension having been changed.
WinRAR v5.7 addresses this issue, but currently there is no scene release for this version.
In the meantime, we can secure ourselves by simply removing the .dll file responsible.
1. Remove the "UNACEV2.DLL" from your WinRAR installation directory.
- This will not make the software unusable, but will prevent the software from unpacking any .ACE files.
All you tech geeks out there who would like the entire story of this newly found exploit, how it was found and what is being done about it, can read all about it here:
https://research.checkpoint.com/extracting-code-execution-from-winrar/376536
The fix from the WinRAR 5.31 FFF version still works for 5.7.