A new exploit code for a newly discovered WinRAR vulnerability was published to Github. The vulnerability was discovered in the UNACEV2.DLL library of the popular Windows file compression application. A maliciously-crafted ACE archive file can be extracted into the Windows Startup folder to execute arbitrary code on a targeted system. An in-the-wild malspam email campaign is distributing a malicious RAR archive file that exploits the latest vulnerability to install malware on computers running the vulnerable version of the software.
Source: https://thehackernews.com/2019/02/winrar-hacking-exploit.html