Isaanbiker Posted April 30, 2019 Share Posted April 30, 2019 If you are one of the 500 million people worldwide using WinRAR, you are a perfect target for hijackers. It was recently discovered that every version of WinRAR released in the last 19 years has a critical bug that allows cybercriminals into your computer. Now more than 100 ways to exploit it have been identified — and that number keeps going up. https://usa.kaspersky.com/blog/update-winrar-now/17450/?ac_pgm_id=758056509&acmid=DM79043&acbid=442851338&utm_source=0&utm_medium=&utm_content=770162859&utm_campaign= You can Google it, it's a real serious problem all over the world, and why giving cybercriminals access to anything that belongs to you? Here's another one: https://betanews.com/2019/03/17/winrar-security-bug-active-exploits/ That's a warning that came from my AV software Kasp. I've of course updated the WinRar software immediately, because I'm also doing online banking. Here's the website where you can find your particular software update for 32/64 OS and in different languages.: https://www.win-rar.com/download.html?&L=0 Link to comment Share on other sites More sharing options...
MJCM Posted May 1, 2019 Share Posted May 1, 2019 Thx for the heads up, but if you don't use the ACE compression technique then you are not vulnerable. Ace: https://en.wikipedia.org/wiki/ACE_(compressed_file_format) Quote In computing, ACE is a proprietary data compression archive file format developed by Marcel Lemke, and later bought by e-merge GmbH. The peak of its popularity was 1999–2001, when it provided slightly better compression rates than RAR, which has since become more popular. Quote Security vulnerabilities In February 2019 several major security vulnerabilities were found in the UnACEv2.dll library which is used by WinRAR and other archiving products. Since WinACE is abandonware, users are advised against opening ACE archives in WinRAR and possibly other products using this library.[7] WinRAR stopped supporting ACE as of version 5.70, and similar products are following suit. Link to comment Share on other sites More sharing options...
JetsetBkk Posted May 1, 2019 Share Posted May 1, 2019 I had 7 copies of the buggy file "unacev2.dll" on my PC - all found by "Everything Search" from Void Tools: https://www.voidtools.com/ 5 were in images of old PCs, 1 was in "XNview" - looks like a portable image viewer, i.e. not installed, just run it - and the last was in an installed program called "EF Commander" which looks like the old "Norton Commander". All .dll's now deleted. "EF Commander" deleted as it was 3 years old and they wanted money to register it. "XNview" looks like an interesting file viewer - but now it just can't handle ACE files any more. Link to comment Share on other sites More sharing options...
Isaanbiker Posted May 1, 2019 Author Share Posted May 1, 2019 11 hours ago, MJCM said: Thx for the heads up, but if you don't use the ACE compression technique then you are not vulnerable. Ace: https://en.wikipedia.org/wiki/ACE_(compressed_file_format) Thanks a lot for the clarification. Link to comment Share on other sites More sharing options...
.png.3b3332cc2256ad0edbc2fe9404feeef0.png)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.