In a detailed blog post, Check Point explained that by renaming an ACE file with a RAR extension, hackers could manipulate WinRAR to extract a malicious program to a computer's startup folder. The program would then run automatically when the computer started. Check Point says the flaw existed for 1
There have been no reported attacks using this bug. But 19 years is a pretty long time to have a flaw like this, and with 500 million users potentially exposed, we would say this is a major oversight on WinRAR's part. If you are one of the millions still using WinRAR, this would be a good time to update the software. The lesson for all of us is that what you did on your PC 20 years ago can indeed come back to haunt you.