Yesterday, security experts at Checkpoint Security Labs posted about a 19-year-old vulnerability in WinRAR. Their report is impressive to read: it gives a very detailed explanation of how they discovered the vulnerability and reproduced it to create proof-of-concept code.
Technically, the vulnerability is not in WinRAR itself but in a DLL file it has been using to unpack ACE archives. ACE archives are created with WinACE, which was available in the early 2000s. The WinACE developers stopped working on it in 2007, and after that even the website went offline. A file from the old WinACE package, UNACEV2.DLL, was being bundled with WinRAR to support decompressing ACE archives. This file allows path traversal and can be used to drop files anywhere on your computer. So if you extract files from a specially crafted ACE archive, it will extract some files into the expected folder, but it will also write other, malicious files to other locations on your computer, such as the auto-start folder.
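The check an extractor is expected to make before writing each entry, so that nothing lands outside the chosen folder, can be sketched in Python. This is an added example, not code from WinRAR, UNACEV2.DLL or the Check Point report; the function names, destination folder and entry names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS


def resolve_entry(dest_dir, entry_name):
    """Return the full Windows path an archive entry would be written to,
    or None if that path would fall outside dest_dir."""
    if not ntpath.isabs(dest_dir):
        raise ValueError("dest_dir must be an absolute Windows path")
    dest = ntpath.normpath(dest_dir)
    name = entry_name.replace("/", "\\")
    # Drive letters ("C:\..."), drive-relative names ("C:foo") and
    # alternate data streams all contain a colon; reject them outright.
    if ":" in name:
        return None
    # Rooted ("\Windows\...") and UNC ("\\server\share\...") names.
    if name.startswith("\\"):
        return None
    # Collapse any ".." components, then require the result to stay
    # under dest. The trailing separator stops "out2" matching "out".
    candidate = ntpath.normpath(ntpath.join(dest, name))
    prefix = ntpath.normcase(dest).rstrip("\\") + "\\"
    if not ntpath.normcase(candidate).startswith(prefix):
        return None
    return candidate


def unsafe_entries(dest_dir, entry_names):
    """List the entry names that must not be extracted."""
    return [n for n in entry_names if resolve_entry(dest_dir, n) is None]


# Constructed sample data (hypothetical folder and entry names).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "docs\\readme.txt",              # stays inside the folder
    "docs/../notes.txt",             # ".." that still stays inside
    "..\\..\\Startup\\dropped.exe",  # climbs out of the folder
    "..\\out2\\x.txt",               # sibling folder with a similar name
    "C:\\Windows\\Temp\\x.dll",      # absolute path with drive letter
    "\\\\server\\share\\x.txt",      # UNC path
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(f"{entry!r:40} -> {resolve_entry(DEST, entry)}")
```
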
The WinRAR developers have decided to drop ACE from future versions for two main reasons: ACE is a proprietary format, and nobody really uses ACE archives anymore. Even back in the 2000s, not many people used ACE archives, and you do not really come across them nowadays, so not many people are going to miss ACE support in WinRAR.
If you are able to update WinRAR, you should install the latest version (as of now, 5.70 beta 2) on your computer. If you cannot install the new version (because your PC is old and the new version makes it slower), then just delete the UNACEV2.DLL file from the WinRAR installation folder. Another option is to uninstall WinRAR and use 7-Zip instead.
You can read the detailed CheckPoint Security report here – https://research.checkpoint.com/extracting-code-execution-from-winrar/