WinRAR, a popular piece of Windows software for managing archival formats, has been harboring a nasty vulnerability for nearly two decades, potentially allowing malicious software to insert items into a computer's startup folder without any needed user permission. Now, it has been patched at a cost.