Security researchers from Checkpoint
have reportedly discovered a bug in WinRAR that just might be older than you. According to their bug report, recent version of WinRAR shipped with an ancient "unacev2.dll" file designed to decompress the equally ancient ACE archive format. A bug in the .dll lets malicious archives extract files to any location on the user's system, including the user's startup folder, which would allow an attacker to remotely execute arbitrary code during the next startup. WinRAR has removed the vulnerable .dll file in the program's latest release, as no one unpacks ACE archives anymore, and it seems that the security researchers may have claimed a substantial bug bounty in the process.