Researchers from Check Point Software Technologies have uncovered a security flaw in WinRAR, a popular Windows file archiver software utility tool. The researchers were interested in fuzzing, i.e, to suss out unexpected behaviors of an application by feeding it with malformed inputs. Such inputs are usually crafted by taking valid parameters and adding random errors to them.
They managed to fuzz WinRAR and uncovered a security flaw that was buried deep within one of WinRAR’s dynamic link library files (DLL), i.e., the UNACEV2.dll. This particular code library file has been hasn’t been updated since 2005.
