WinRAR has a critical security bug: here is the fix

October 20, 2019 By admin

Software https://www.ghacks.net/2019/02/21/winrar-has-a-critical-security-bug-here-is-the-fix/

WinRAR is a very common program for creating and extracting archives on Windows and other supported operating systems. Part of its popularity stems from its support for different kinds of packaging formats and from the way the program’s trial version expires.

A bug was discovered recently that impacts all versions of WinRAR before 5.70. The bug, a remote code execution vulnerability, affects all WinRAR versions and so all 500 million users that use the program.

Security researchers discovered a flaw in a library which WinRAR uses to extract files from archives.

Attackers could exploit the vulnerability by crafting archives. The bug could be abused to extract the files to any folder on the machine instead of the folder selected by the user or the default folder for extracted files.

Attackers could choose to extract files into Windows’ startup folder so that programs are executed on the next start of the machine.

The researchers published a video which shows the exploit.

WinRAR uses the content of the file, not its extension, to determine the archive format that was used to compress the files; this means it is insufficient to avoid ACE files for the time being. Attackers could rename ACE files to RAR or ZIP, and WinRAR would handle them just fine.
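As an added example (not from the original article or from WinRAR), here is a content-based check a defender could run over a download or mail-attachment folder to find ACE archives regardless of extension. It assumes the standard ACE layout with the `**ACE**` marker at byte offset 7; self-extracting archives, where the header sits later in the file, are not covered, and the sample files are constructed headers, not real archives.

```python
import os
import tempfile

# Magic values: ACE carries "**ACE**" at offset 7 of its main header;
# RAR and ZIP signatures sit at offset 0.
ACE_MAGIC, ACE_OFFSET = b"**ACE**", 7
OFFSET0_MAGICS = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip", b"PK\x05\x06": "zip"}

def sniff_format(path):
    """Return 'ace', 'rar', 'zip' or None based on content, ignoring the name."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_OFFSET + len(ACE_MAGIC))
    if head[ACE_OFFSET:ACE_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        return "ace"
    for magic, name in OFFSET0_MAGICS.items():
        if head.startswith(magic):
            return name
    return None

def find_ace_files(root):
    """Return sorted (path, disguised) pairs; disguised means extension is not .ace."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if sniff_format(path) == "ace":
                    hits.append((path, not name.lower().endswith(".ace")))
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
    return sorted(hits)

def build_demo_tree(root):
    """Write constructed sample files (headers only, not real archives)."""
    ace_head = b"\x00" * ACE_OFFSET + ACE_MAGIC + b"\x00" * 16
    samples = {"invoice.rar": ace_head, "old.ace": ace_head,
               "real.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,
               "real.zip": b"PK\x03\x04" + b"\x00" * 16, "tiny.rar": b"Rar"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for path, disguised in find_ace_files(tmp):
            print("ACE content:", os.path.basename(path), "(disguised)" if disguised else "")
```

A file reported as disguised has ACE content under another extension, which is the renaming case described above.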

The library that’s responsible for the behaviour is UNACEV2.DLL. The maker of WinRAR removed the file in the latest beta version of WinRAR 5.70. Users may upgrade to the beta version to secure their devices.

Policies may prevent the installation of applications, and some home users may prefer not to install beta software either.

These users and administrators can delete the vulnerable file, UNACEV2.DLL, from the WinRAR directory to protect the system from the issue. This is how that is done:



  • Open Explorer on the Windows PC.
  • Visit C:\Program Files\WinRAR if you run a 64-bit version of WinRAR.
  • Visit C:\Program Files (x86)\WinRAR if you run a 32-bit version of WinRAR.
  • Locate the file UNACEV2.DLL and either rename it or delete it.
    1. To delete: select the file UNACEV2.DLL and then delete it, either with a right-click and the selection of Delete from the context menu, or by using the Del key on your keyboard.
    2. To rename: Click the file and select Rename.

    Note: This removes the option to extract ACE files with WinRAR.

I could not find info on the ACE format’s prevalence. I remember that it was quite hot (and controversial) more than a decade ago.

You: Do you use WinRAR? My favourite program is Bandizip right now. (via Hacker News)

The article WinRAR has a critical security bug: here is the fix appeared first on gHacks Technology News.