Check Point Research has uncovered a bug in file extraction software WinRAR that has left users at risk for the past 19 years.
The software was known for prompting users to buy it, but you could click on “next time” and continue extracting files indefinitely.
However, according to Check Point, this opened an opportunity for hackers to access user’s computers.
According to Check Point’s report, hackers could rename an ACE file with a RAR extension, allowing them to use WinRAR on a computer to extract a malicious program to it startup folder.
After Check Point released the report, WinRAR patched the exploit by releasing a new version of the software that drops support for ACE archives.
Check Point claimed that the exploit left over 500 million users at risk over the course of its existence.