WinRAR Removes ACE Support to fix 19-Year-Old Vulnerability

Posted: Fri Feb 22, 2019 9:16 pm
by smed79
WinRAR Version 5.70 wrote:
Nadav Grossman from Check Point Software Technologies informed us
about a security vulnerability in UNACEV2.DLL library.
Aforementioned vulnerability makes possible to create files
in arbitrary folders inside or outside of destination folder
when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives.
UNACEV2.DLL had not been updated since 2005 and we do not have access
to its source code. So we decided to drop ACE archive format support
to protect security of WinRAR users.

Check Point Research blog post detailing how it works
https://research.checkpoint.com/extract ... om-winrar/

Video demo
https://www.youtube.com/watch?v=R2qcBWJzHMo

Update WinRAR
https://www.rarlab.com/download.htm
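
Added example (not part of the original post, and not code from WinRAR or Check Point): a small audit that walks a folder tree, lists any remaining copies of UNACEV2.DLL, and identifies ACE archives by their header signature rather than by file extension. The sample tree and its file names are constructed stubs; the `**ACE**` signature at offset 7 comes from the ACE header layout.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"      # signature string in the ACE main header
ACE_MAGIC_OFFSET = 7        # follows CRC16 (2), size (2), type (1), flags (2)
DLL_NAME = "unacev2.dll"    # library named in the WinRAR 5.70 notes


def is_ace_archive(path):
    """True if the file carries the ACE signature at the header offset."""
    try:
        with open(path, "rb") as fh:
            fh.seek(ACE_MAGIC_OFFSET)
            return fh.read(len(ACE_MAGIC)) == ACE_MAGIC
    except OSError:
        return False  # unreadable or locked file: skip rather than abort


def audit_tree(root):
    """Walk root; return (copies of UNACEV2.DLL, ACE archives) as sorted lists."""
    dlls, archives = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == DLL_NAME:
                dlls.append(full)
            elif is_ace_archive(full):
                archives.append(full)
    return sorted(dlls), sorted(archives)


def build_sample_tree(root):
    """Constructed sample data: stub files only, not real archives or DLLs."""
    os.makedirs(os.path.join(root, "WinRAR"))
    os.makedirs(os.path.join(root, "inbox"))
    samples = {
        os.path.join("WinRAR", "UNACEV2.DLL"): b"MZ stub",
        os.path.join("inbox", "a.ace"): b"\x00" * 7 + ACE_MAGIC + b"\x00" * 8,
        os.path.join("inbox", "renamed.bin"): b"\x00" * 7 + ACE_MAGIC + b"\x00" * 8,
        os.path.join("inbox", "c.rar"): b"Rar!\x1a\x07\x00" + b"\x00" * 8,
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found_dlls, found_archives = audit_tree(tmp)
        print("UNACEV2.DLL copies:", found_dlls)
        print("ACE archives by signature:", found_archives)
```

To audit a real machine, call `audit_tree()` on the WinRAR install folder or a download directory instead of the sample tree.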