April 30, 20197 yr If you are one of the 500 million people worldwide using WinRAR, you are a perfect target for hijackers. It was recently discovered that every version of WinRAR released in the last 19 years has a critical bug that allows cybercriminals into your computer. Now more than 100 ways to exploit it have been identified — and that number keeps going up. https://usa.kaspersky.com/blog/update-winrar-now/17450/?ac_pgm_id=758056509&acmid=DM79043&acbid=442851338&utm_source=0&utm_medium=&utm_content=770162859&utm_campaign= You can Google it, it's a real serious problem all over the world, and why giving cybercriminals access to anything that belongs to you? Here's another one: https://betanews.com/2019/03/17/winrar-security-bug-active-exploits/ That's a warning that came from my AV software Kasp. I've of course updated the WinRar software immediately, because I'm also doing online banking. Here's the website where you can find your particular software update for 32/64 OS and in different languages.: https://www.win-rar.com/download.html?&L=0 Edited April 30, 20197 yr by Isaanbiker
May 1, 20197 yr Thx for the heads up, but if you don't use the ACE compression technique then you are not vulnerable. Ace: https://en.wikipedia.org/wiki/ACE_(compressed_file_format) Quote In computing, ACE is a proprietary data compression archive file format developed by Marcel Lemke, and later bought by e-merge GmbH. The peak of its popularity was 1999–2001, when it provided slightly better compression rates than RAR, which has since become more popular. Quote Security vulnerabilities In February 2019 several major security vulnerabilities were found in the UnACEv2.dll library which is used by WinRAR and other archiving products. Since WinACE is abandonware, users are advised against opening ACE archives in WinRAR and possibly other products using this library.[7] WinRAR stopped supporting ACE as of version 5.70, and similar products are following suit.
May 1, 20197 yr I had 7 copies of the buggy file "unacev2.dll" on my PC - all found by "Everything Search" from Void Tools: https://www.voidtools.com/ 5 were in images of old PCs, 1 was in "XNview" - looks like a portable image viewer, i.e. not installed, just run it - and the last was in an installed program called "EF Commander" which looks like the old "Norton Commander". All .dll's now deleted. "EF Commander" deleted as it was 3 years old and they wanted money to register it. "XNview" looks like an interesting file viewer - but now it just can't handle ACE files any more.
May 1, 20197 yr Author 11 hours ago, MJCM said: Thx for the heads up, but if you don't use the ACE compression technique then you are not vulnerable. Ace: https://en.wikipedia.org/wiki/ACE_(compressed_file_format) Thanks a lot for the clarification.
Create an account or sign in to comment