WinRAR patches 19 year old security issue
Click here to post a comment for WinRAR patches 19 year old security issue on our message forum
magiQx
someone finally paid for WinRAR and they had a budget for that fix?
RealNC
sverek
19 years ago 7z was released.
https://en.wikipedia.org/wiki/7-Zip
Guru01
Which version is it, the 5.61 final or the beta 5.70?
AntiSnipe
www.theregister.co.uk
"The ACE format has been removed in 5.70 beta 1, so all versions of WinRAR after that release will be protected from the bug."
Seriously. What is the point of knowing this if we don't know how to correct it? 5.61 still lists .ACE in the "Associate with" list, so I'm thinking the beta or some unreleased version still.
EDIT: From WalterDasTrevas
Shaxuul
Hmm, good to know.. Have been using WinRAR for as far back as I can remember -- since early XP days. It's usually one of the first programs I install after installing Windows..
WinRAR 5.70 beta 2 is available to download.
EdKiefer
what I did was rename the DLL " UNACEV2.DLL" to " old_UNACEV2.DLL", till new non-beta, but they are on 5.70beta2 last I looked.
schmidtbag
I don't really understand the point of Winrar anymore, with so many alternatives that are free and better. I get the impression the only people who still use it are those who had it as their first archive alternative to Windows' built-in tools. And no, I'm not saying Winrar is bad, because it isn't. But if you're going to install 3rd party software, why not something else?
Rich_Guy
Which one do you download ?, as the top 7x are Trials.
Been years since ive downed it. 😛
EDIT: Just grabbed the x64 one from the top.
I was on v4.11! 😀
ruthan
Im missing Free Dos version Download on their page.
It was always overpriced, i would buy it for $5/$10 bugs, but $40.. its company only thing.
Octopuss
magiQx
TheDeeGee
I like WinRAR, been using it since forever.
vbetts
Moderator
Rich_Guy
DLD
I've been using ARJ and PKZIP, since, maybe, the day they appeared, during the "DOS era"... Then, as the window$ gain popularity, came all these 'win-this win-that' (WinACE, WinRAR, WinZIP...), so I checked them all and stayed with WinRAR. Don't care whether there are or aren't any security issues with it....
Arbie
Just delete UNACEV2.DLL - that completely eliminates the risk*. Then patch or update WinRAR if you want.
* https://research.checkpoint.com/extracting-code-execution-from-winrar/
TheDeeGee
5.70 Final is out now.