fernicar Posted February 23, 2019

TL;DR: The WinRAR installation has had a bug revealed; only the beta installation will have the fix. The screenshot represents the current official page to download WinRAR.

The WinRAR stable installation has dropped the use of the insecure UNACEV2.DLL in the newest beta installation. The bug is documented in full detail here: https://research.checkpoint.com/extracting-code-execution-from-winrar/

The easier-to-digest version is explained here: https://www.theregister.co.uk/2019/02/20/winrar_security_bug/

Since the site and its users make heavy use of compressed files, everyone is a potential target if they are not aware of the details. I would recommend that the site automatically check whether any compressed file is actually a renamed .ACE file, because it could take advantage of the situation to target users when they open it manually.
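The check recommended in the post, as an added example that is not part of the original post or the site's own code: it identifies ACE content by the `**ACE**` signature in the main header instead of trusting the file extension. The function names, the 1 MiB scan window and the sample byte strings are assumptions constructed for illustration.

```python
import struct

ACE_MAGIC = b"**ACE**"    # signature stored 7 bytes into the ACE main header
SCAN_LIMIT = 1024 * 1024  # assumption: how far to search past a self-extractor stub

def find_ace_header(data: bytes) -> int:
    """Return the offset of an ACE main header in data, or -1 if none is found."""
    pos = data.find(ACE_MAGIC, 0, SCAN_LIMIT)
    while pos != -1:
        start = pos - 7
        if start >= 0:
            # Before the magic: CRC16, header size (little-endian uint16 each),
            # header type (1 byte), header flags (uint16).
            _crc, size, htype, _flags = struct.unpack_from("<HHBH", data, start)
            # The main header has type 0; size counts the bytes from the type
            # field onward, so it must cover type + flags + magic at least.
            if htype == 0 and size >= 3 + len(ACE_MAGIC):
                return start
        pos = data.find(ACE_MAGIC, pos + 1, SCAN_LIMIT)
    return -1

def is_disguised_ace(filename: str, data: bytes) -> bool:
    """True when the content is ACE but the extension claims something else."""
    return find_ace_header(data) != -1 and not filename.lower().endswith(".ace")

# Constructed sample inputs (not real archives): a minimal ACE-style main
# header, the same header behind a fake executable stub, and a RAR signature.
SAMPLE_ACE = struct.pack("<HHBH", 0, 31, 0, 0) + ACE_MAGIC + bytes(21)
SAMPLE_SFX = b"MZ" + b"\x90" * 100 + SAMPLE_ACE
SAMPLE_RAR = b"Rar!\x1a\x07\x00" + bytes(32)

if __name__ == "__main__":
    uploads = [("photos.rar", SAMPLE_ACE), ("setup.exe", SAMPLE_SFX),
               ("backup.rar", SAMPLE_RAR), ("old.ace", SAMPLE_ACE)]
    for name, blob in uploads:
        verdict = "ACE content under another extension" if is_disguised_ace(name, blob) else "ok"
        print(f"{name}: {verdict}")
```

A match only says the bytes look like an ACE header; files flagged this way are candidates for rejection or manual review rather than proof of a malicious archive.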