A critical code execution vulnerability in WinRAR has been exploited by cyber criminals and hackers. The vulnerability is “Absolute Path Traversal” bug that resides in the old third-party library UNACEV2.DLL. Attackers can extract a compressed file from the ACE archive to one of the Windows Startup folders, where the malicious file would automatically run on the next reboot. Security researchers from McAfee have identified more than 100 unique exploits in the first week since the vulnerability was publicly disclosed.
Source: https://thehackernews.com/2019/03/winrar-hacking-malware.html