RARLAB removed unacev2.dll entirely to fix the issue.
The archive contains a file with a relative path like C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploit.exe .
The flaw existed in unacev2.dll , a third-party library WinRAR used to unpack files. Path Traversal: Attackers could bypass folder restrictions. 22793.rar
The file is a well-known proof-of-concept (PoC) archive used to demonstrate a critical vulnerability in WinRAR (tracked as CVE-2018-20250 ).
The malware would run automatically the next time the user logged in. 📂 Technical Breakdown RARLAB removed unacev2
Files could be dropped into the Windows Startup folder .
WinRAR failed to properly sanitize these paths, allowing the file to be written outside the intended extraction folder. ⚠️ Security Implications 22793.rar
When a user opens "22793.rar" (or similar ACE-based exploits):