New
#1
So I presume if you rename or delete UNACEV2.DLL in the WinRAR install folder WinRAR will not be vulnerable anymore?
Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide.
Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software released in last 19 years.
The flaw resides in the way an old third-party library, called UNACEV2.DLL, used by the software handled the extraction of files compressed in ACE data compression archive file format.
However, since WinRAR detects the format by the content of the file and not by the extension, attackers can merely change the .ace extension to .rar extension to make it look normal.
Source: Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years
So I presume if you rename or delete UNACEV2.DLL in the WinRAR install folder WinRAR will not be vulnerable anymore?
I have 5.40 and I deleted that .dll and the Ace32Loader.exe also. The 5.70 is a beta version and it s only in english language so I prefer not update to that
No, 5.70 beta1 and beta2 is available in a few languages.
WinRAR archiver, a powerful tool to process RAR and ZIP files
WinRAR 5.70 final has been released. The flaw is fixed.
WinRAR archiver, a powerful tool to process RAR and ZIP files