Well, it took them a while, but it is finally patched. You might want to grab the latest build btw as a vulnerability allowed attackers to copy malware into any folder on the computer or network share... WinRAR patches 19 year old security issue
Seriously. What is the point of knowing this if we don't know how to correct it? 5.61 still lists .ACE in the "Associate with" list, so I'm thinking the beta or some unreleased version still. EDIT: From www.theregister.co.uk "The ACE format has been removed in 5.70 beta 1, so all versions of WinRAR after that release will be protected from the bug."
Hmm, good to know.. Have been using WinRAR for as far back as I can remember -- since early XP days. It's usually one of the first programs I install after installing Windows.. WinRAR 5.70 beta 2 is available to download.
what I did was rename the DLL " UNACEV2.DLL" to " old_UNACEV2.DLL", till new non-beta, but they are on 5.70beta2 last I looked.
I don't really understand the point of Winrar anymore, with so many alternatives that are free and better. I get the impression the only people who still use it are those who had it as their first archive alternative to Windows' built-in tools. And no, I'm not saying Winrar is bad, because it isn't. But if you're going to install 3rd party software, why not something else?
Which one do you download ?, as the top 7x are Trials. Been years since ive downed it. EDIT: Just grabbed the x64 one from the top. I was on v4.11!
Im missing Free Dos version Download on their page. It was always overpriced, i would buy it for $5/$10 bugs, but $40.. its company only thing.
do you work at rarlabs that you cant take a joke? i thought jokes would be accepted here and insults not. guess i was wrong. for that kind of money i would have bought it a long time ago.
I've been using ARJ and PKZIP, since, maybe, the day they appeared, during the "DOS era"... Then, as the window$ gain popularity, came all these 'win-this win-that' (WinACE, WinRAR, WinZIP...), so I checked them all and stayed with WinRAR. Don't care whether there are or aren't any security issues with it....
Just delete UNACEV2.DLL - that completely eliminates the risk*. Then patch or update WinRAR if you want. * https://research.checkpoint.com/extracting-code-execution-from-winrar/
