
UnAce Vulnerability

Posted: 2019-03-09, 07:14 UTC
by Galiza
 
Hi, information from the WinRAR web site: https://www.rarlab.com/rarnew.htm

WinRar 5.70 What's New
21. Nadav Grossman from Check Point Software Technologies informed us
about a security vulnerability in UNACEV2.DLL library.
Aforementioned vulnerability makes possible to create files
in arbitrary folders inside or outside of destination folder
when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives.
UNACEV2.DLL had not been updated since 2005 and we do not have access
to its source code. So we decided to drop ACE archive format support
to protect security of WinRAR users.
BTW, if InternalUnace=0, may I delete UNACEV2.DLL?

Best regards :!: :!:
 

Re: UnAce Vulnerability

Posted: 2019-03-09, 08:26 UTC
by Horst.Epp
What about searching for this in the forum and not making the next thread about it? :(

Re: UnAce Vulnerability

Posted: 2019-03-09, 14:14 UTC
by karlchen
Hello, Galiza.

The vulnerability affecting the DLL file unacev2.dll, which comes with Total Commander, has been discussed for the past few weeks. See e.g. this thread: Security problem in unacev2.dll.
Note, please, that Christian Ghisler is working on Total Commander 9.22 RC, which brings along a more secure unacev2.dll. The new unacev2.dll should prevent the vulnerability from being exploited in Total Commander. Work on fixing unacev2.dll is still in progress.

Best regards,
Karl

Re: UnAce Vulnerability

Posted: 2019-03-09, 14:20 UTC
by Galiza
2Horst.Epp

There is something wrong with forum search, try this

Open advanced search -> Search for keywords: Unace -> Limit results to previous: 6 Months
Press search and you'll notice that only one post appears, THIS ONE, so please relax, ok?

2karlchen

Thanks :!:
 

Re: UnAce Vulnerability

Posted: 2019-03-09, 14:36 UTC
by Horst.Epp
Galiza wrote: 2019-03-09, 14:20 UTC 2Horst.Epp

There is something wrong with forum search, try this

Open advanced search -> Search for keywords: Unace -> Limit results to previous: 6 Months
Press search and you'll notice that only one post appears, THIS ONE, so please relax, ok?

2karlchen

Thanks :!:
 
Why so complicated, just make a normal search for unace and you find all threads.
Searching for Keywords makes sense if you already know some real keywords.

Re: UnAce Vulnerability

Posted: 2019-03-09, 14:56 UTC
by Dalai
2Horst.Epp
I appreciate your contributions, but in this case you're wrong. Just searching for "unace" finds this thread and much older ones (from 2016 and 2012), but not the ones containing the discussion about the unace vulnerability. It seems like the forum search only matches complete words because "unacev2" finds the thread, but "unace" doesn't.

Regards
Dalai

Re: UnAce Vulnerability

Posted: 2019-03-09, 16:15 UTC
by Usher
Galiza wrote: 2019-03-09, 14:20 UTC There is something wrong with forum search, try this

Open advanced search -> Search for keywords: Unace -> Limit results to previous: 6 Months
Press search and you'll notice that only one post appears, THIS ONE, so please relax, ok?
There is something wrong with your search understanding. If you're NOT sure about keywords, use wildcards: unace*