Jump to content

Recommended Posts

Posted (edited)

    If you are one of the 500 million people worldwide using WinRAR, you are a perfect target for hijackers. It was recently discovered that every version of WinRAR released in the last 19 years has a critical bug that allows cybercriminals into your computer. Now more than 100 ways to exploit it have been identified — and that number keeps going up.

 

https://usa.kaspersky.com/blog/update-winrar-now/17450/?ac_pgm_id=758056509&acmid=DM79043&acbid=442851338&utm_source=0&utm_medium=&utm_content=770162859&utm_campaign=

 

    You can Google it, it's a real serious problem all over the world, and why giving cybercriminals access to anything that belongs to you? Here's another one: https://betanews.com/2019/03/17/winrar-security-bug-active-exploits/

 

    That's a warning that came from my AV software Kasp. I've of course updated the WinRar software immediately, because I'm also doing online banking. 

 

          Here's the website where you can find your particular software update for 32/64 OS and in different languages.: https://www.win-rar.com/download.html?&L=0

Edited by Isaanbiker
Posted

Thx for the heads up, but if you don't use the ACE compression technique then you are not vulnerable.

 

Ace:

 

https://en.wikipedia.org/wiki/ACE_(compressed_file_format)

 

Quote

In computing, ACE is a proprietary data compression archive file format developed by Marcel Lemke, and later bought by e-merge GmbH. The peak of its popularity was 1999–2001, when it provided slightly better compression rates than RAR, which has since become more popular.

 

 

Quote

 

Security vulnerabilities

In February 2019 several major security vulnerabilities were found in the UnACEv2.dll library which is used by WinRAR and other archiving products. Since WinACE is abandonware, users are advised against opening ACE archives in WinRAR and possibly other products using this library.[7] WinRAR stopped supporting ACE as of version 5.70, and similar products are following suit.


 

 

  • Like 2
Posted

I had 7 copies of the buggy file "unacev2.dll" on my PC - all found by "Everything Search" from Void Tools: https://www.voidtools.com/

5 were in images of old PCs, 1 was in "XNview" - looks like a portable image viewer, i.e. not installed, just run it - and the last was in an installed program called "EF Commander" which looks like the old "Norton Commander".

All .dll's now deleted.

"EF Commander" deleted as it was 3 years old and they wanted money to register it.

"XNview" looks like an interesting file viewer - but now it just can't handle ACE files any more.

 

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...