100 Exploits addresses WinRAR vulnerarbility

Meanwhile, there are probably already about 100 exploits with which cyber criminals try to exploit the recently discovered and patched WinRAR vulnerability (CVE-2018-20250) in Windows UNACEV2.DLL.


In mid-February, a decade-old code execution vulnerability in a library file UNACEV2.DLL used by WinRAR, among others, became publicly known. This vulnerability threatens millions of users who use software with this DLL under Windows. I had reported in the the blog post Vulnerababe UNACEV2.DLL puts software like WinRAR at risk about it. WinRAR solved the problem by removing the library file UNACEV2.DLL. But many software packages use the library file UNACEV2.DLL without users suspecting it. 

Now ZDNet.com has published this article about that topic. McAfee security researchers have now observed around 100 attack variants attacking this vulnerability via manipulated .RAR archives. So update your WinRAR and search your Windows system disk for the library file UNACEV2.DLL and remove it (if the software associated with the DLL doesn't ships an update).

Similar articles:
Vulnerababe UNACEV2.DLL puts software like WinRAR at risk
Micropatch for UNACEV2.DLL vulnerability CVE-2018-20250

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *