Jump to content


Photo
- - - - -

Exploit Found In Winrar After 20 Years.


  • Please log in to reply
6 replies to this topic

#1 richy1976

richy1976

    The furniture

  • Regulars
  • 2601 posts

Donator

Posted 07 March 2019 - 10:36 AM

There has been, after 20 years, an exploit found in WinRAR!

While the archive format .ACE has not been readily used in over a decade, WinRAR still supports the unpacking of them when needed. And since the archive type .ace is no longer widely supported, no attention has been paid to the little .dll file that handles the unpacking. Furthermore, the file extension can be changed from .ace to .rar giving an unsuspected surprise as WinRAR reads the file as an .ace file, despite it having been changed.

WinRAR v5.7 addresses this issue, but currently there are no scene release for this version.

In the meantime, we can secure ourselves by simply removing the .dll file responsible.

1. Remove the "UNACEV2.DLL" from your WinRAR installation directory.
 - This will not make the software unusable, but will prevent the software from unpacking any .ACE files

For all you tech geeks out there that would like the entire story of this newly found exploit, how it was found and what is being done can read all about it here..

https://research.che...m-winrar/376536

 

 

 

The fix from winrar 5.31 FFF version still works for 5.7.



#2 Magz

Magz

    Senior Member

  • Regulars
  • 887 posts

Posted 07 March 2019 - 01:05 PM

Old software eh? Can't remember the last time I had WinRaR on a PC. 7-Zip is free and better.

 

Still, cheers for the heads up, might have it on some client PCs.



#3 ricardo de ponsa

ricardo de ponsa

    Man Of Science

  • Regulars
  • 1110 posts

Posted 07 March 2019 - 06:57 PM

Thanks for the info Richy, I use Winrar and 7-zip a lot, never used .ace or .tar files though.

 

I'm sure there maybe more hidden gems within.


Edited by ricardo de ponsa, 07 March 2019 - 06:58 PM.

Don't come round and steal my Cheerios !!!!


#4 richy1976

richy1976

    The furniture

  • Regulars
  • 2601 posts

Donator

Posted 07 March 2019 - 07:20 PM

Personally i would upgrade if using old versions, even if been ok in the past like i think i have been, as now the news is out of the exploit, hackers will now know and could use it.

#5 todd1970

todd1970

    The furniture

  • Regulars
  • 6818 posts

Posted 07 March 2019 - 08:47 PM

https://filehippo.co...load_winrar/64/

 

Change log : 

 

19. "Diagnostic messages" window displays archive names in a separate
column to provide the better message visibility for lengthy
archive names.

20. Switch -isnd[-] in command line WinRAR mode allows to override
"Enable sound" option in WinRAR settings. Use -isnd to turn sound
notifications on and -isnd- to turn them off.

21. Nadav Grossman from Check Point Software Technologies informed us
about a security vulnerability in UNACEV2.DLL library.
Aforementioned vulnerability makes possible to create files
in arbitrary folders inside or outside of destination folder
when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives.
UNACEV2.DLL had not been updated since 2005 and we do not have access
to its source code. So we decided to drop ACE archive format support
to protect security of WinRAR users.

We are thankful to Check Point Software Technologies for reporting
this issue.


Mmmmmm...Sandy ive 'ad her ye know. :)

#6 niallquinn

niallquinn

    Member

  • Contributor
  • 723 posts

Posted 09 March 2019 - 12:00 PM

Scene release was released over a week ago.  Got it from a private 0 hour site I use.  Works fine.  Edited out the crack registered bit.

 

NQ.


Edited by niallquinn, 09 March 2019 - 12:10 PM.


#7 richy1976

richy1976

    The furniture

  • Regulars
  • 2601 posts

Donator

Posted 09 March 2019 - 04:05 PM

Scene release was released over a week ago.  Got it from a private 0 hour site I use.  Works fine.  Edited out the crack registered bit.

 

NQ.

Its just new running on old fix.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users