Exploit Found In Winrar After 20 Years.

#1 richy1976

The furniture

Regulars
2601 posts

Donator

Posted 07 March 2019 - 10:36 AM

There has been, after 20 years, an exploit found in WinRAR!

While the archive format .ACE has not been readily used in over a decade, WinRAR still supports the unpacking of them when needed. And since the archive type .ace is no longer widely supported, no attention has been paid to the little .dll file that handles the unpacking. Furthermore, the file extension can be changed from .ace to .rar giving an unsuspected surprise as WinRAR reads the file as an .ace file, despite it having been changed.

WinRAR v5.7 addresses this issue, but currently there are no scene release for this version.

In the meantime, we can secure ourselves by simply removing the .dll file responsible.

1. Remove the "UNACEV2.DLL" from your WinRAR installation directory.
- This will not make the software unusable, but will prevent the software from unpacking any .ACE files

For all you tech geeks out there that would like the entire story of this newly found exploit, how it was found and what is being done can read all about it here..

https://research.che...m-winrar/376536

The fix from winrar 5.31 FFF version still works for 5.7.

kriss and ricardo de ponsa like this

#2 Magz

Senior Member

Regulars
887 posts

Posted 07 March 2019 - 01:05 PM

Old software eh? Can't remember the last time I had WinRaR on a PC. 7-Zip is free and better.

Still, cheers for the heads up, might have it on some client PCs.

Liverpool2008, ricardo de ponsa and superbaron like this

#3 ricardo de ponsa

Man Of Science

Regulars
1110 posts

Posted 07 March 2019 - 06:57 PM

Thanks for the info Richy, I use Winrar and 7-zip a lot, never used .ace or .tar files though.

I'm sure there maybe more hidden gems within.

Edited by ricardo de ponsa, 07 March 2019 - 06:58 PM.

superbaron likes this

Don't come round and steal my Cheerios !!!!

#4 richy1976

The furniture

Regulars
2601 posts

Donator

Posted 07 March 2019 - 07:20 PM

Personally i would upgrade if using old versions, even if been ok in the past like i think i have been, as now the news is out of the exploit, hackers will now know and could use it.

ricardo de ponsa likes this

#5 todd1970

The furniture

Regulars
6818 posts

Posted 07 March 2019 - 08:47 PM

https://filehippo.co...load_winrar/64/

Change log :

19. "Diagnostic messages" window displays archive names in a separate
column to provide the better message visibility for lengthy
archive names.

20. Switch -isnd[-] in command line WinRAR mode allows to override
"Enable sound" option in WinRAR settings. Use -isnd to turn sound
notifications on and -isnd- to turn them off.

21. Nadav Grossman from Check Point Software Technologies informed us
about a security vulnerability in UNACEV2.DLL library.
Aforementioned vulnerability makes possible to create files
in arbitrary folders inside or outside of destination folder
when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives.
UNACEV2.DLL had not been updated since 2005 and we do not have access
to its source code. So we decided to drop ACE archive format support
to protect security of WinRAR users.

We are thankful to Check Point Software Technologies for reporting
this issue.