Author Topic: winrar  (Read 4245 times)

Offline Panther_Gunn

  • Villains' worst nightmare come true
  • Titans
  • Hero Member
  • Posts: 3768
« on: March 18, 2019, 10:57:30 PM »
I know there's more than a couple of us stubborn old farts seasoned, thrifty individuals that continue to use the same programs for a long time around here, so there's probably more than a couple of us still using WinRAR to open, and perhaps still compress, things.  However, if you're using a version older than 5.7, just released last month, read on.

One of the archive format decompressors that WinRAR has been supporting probably since its beginning, ACE, has been found to have a security flaw that would allow anything archived with that format to unpack files in folders other than what the program/user chooses, such as Windows/System32, the C: root directory, or the Startup folder.  Since WinRAR uses the content to determine which type of archive it's working with rather than the file extension, malicious files could be archived with the ACE format & have the file extension changed to .rar or .zip to appear innocent.
In their most recent posting, WinRAR addresses this, saying that the unpacker for the ACE format hasn't been updated since 2005, and the source code isn't available (Wikipedia has it listed as abandonware), and has dropped it from their newest release.

Long story short, if you are using any version of WinRAR prior to v5.7 (which just got released last month) you should either stop using it (7-zip is still free) or disable the ACE unpacker.  To do this, go into the WinRAR folder under Program Files, and find the file UNACEV2.dll.  Rename or delete that file, and WinRAR will no longer be able to open ACE files, but should still work fine otherwise.
The Best There Is At What I Do......when I have the time.
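
Added example (not part of the post above, and not WinRAR's own code): a Python check that finds files whose content carries the ACE signature while the extension says otherwise, and reports whether UNACEV2.dll is still present in a given folder. The function names, the 64 KiB scan window and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"    # signature string in the ACE main header
ACE_MAGIC_OFFSET = 7      # follows CRC(2) + size(2) + type(1) + flags(2)
SCAN_WINDOW = 64 * 1024   # assumption: how far to look for an embedded header

def ace_signature(path):
    """Return 'header', 'embedded' or None depending on where the magic is found."""
    with open(path, "rb") as fh:
        head = fh.read(SCAN_WINDOW)
    if head[ACE_MAGIC_OFFSET:ACE_MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        return "header"
    return "embedded" if ACE_MAGIC in head else None

def find_disguised_ace(root):
    """List (relative path, kind) for ACE-content files not named *.ace."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".ace"):
                continue
            full = os.path.join(dirpath, name)
            try:
                kind = ace_signature(full)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if kind:
                hits.append((os.path.relpath(full, root), kind))
    return sorted(hits)

def unace_dll_present(winrar_dir):
    """True if the ACE unpacker DLL named in the post is in the given folder."""
    try:
        return any(n.lower() == "unacev2.dll" for n in os.listdir(winrar_dir))
    except OSError:
        return False

def build_sample_tree():
    """Constructed samples: header bytes only, not real archives."""
    root = tempfile.mkdtemp()
    samples = {
        "invoice.rar": b"\0" * 7 + ACE_MAGIC + b"\0" * 16,  # ACE content, .rar name
        "real.rar": b"Rar!\x1a\x07\x00",
        "notes.zip": b"PK\x03\x04",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

An "embedded" result only means the string appears somewhere in the first 64 KiB, so treat it as a prompt to look closer rather than a verdict.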

Offline Deaths Jester

  • Drunken Arse!!
  • Hero Member
  • Posts: 4469
Re: winrar
« Reply #1 on: March 18, 2019, 11:14:31 PM »
Thanks for the info, PG! This cranky, old, cheapskate, drunken, undead arse is happy to know this!
Avatar picture originally a Brom painting entitled Marionette.