Keeping UniExtract up to date

Discuss anything related to portable freeware here.
Message
Author
billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Re: Keeping UniExtract up to date

#196 Post by billon »


billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Critical vulnerability in UNACEV2.DLL

#197 Post by billon »

Extracting a 19 Year Old Code Execution from WinRAR

TL;DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.

UNACEV2.DLL is also used in Universal Extractor, so be careful :!:

Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?

User avatar
SYSTEM
Posts: 2041
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Critical vulnerability in UNACEV2.DLL

#198 Post by SYSTEM »

billon wrote: Fri Feb 22, 2019 12:46 am Extracting a 19 Year Old Code Execution from WinRAR

TL:DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.

UNACEV2.DLL is also used in Universal Extractor, so be careful :!:
Fortunately, Universal Extractor 2 does not have it.

Thanks for the link. The article was an interesting read. :)
My YouTube channel | Release date of my 13th playlist: August 24, 2020

billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Re: Critical vulnerability in UNACEV2.DLL

#199 Post by billon »

SYSTEM wrote: Fri Feb 22, 2019 1:53 am Fortunately, Universal Extractor 2 does not have it.
Same version, same code, no?

billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Re: Keeping UniExtract up to date

#200 Post by billon »

Actually I don't know why I have that UNACEV2.DLL if there xace.exe
Maybe messed with different versions

And xace.exe writes to the registry HKCU\Software\e-merge
wtf

User avatar
SYSTEM
Posts: 2041
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Critical vulnerability in UNACEV2.DLL

#201 Post by SYSTEM »

billon wrote: Fri Feb 22, 2019 4:17 am
SYSTEM wrote: Fri Feb 22, 2019 1:53 am Fortunately, Universal Extractor 2 does not have it.
Same version, same code, no?
Yeah, it's likely. I had missed it. I filed a bug report now: https://github.com/Bioruebe/UniExtract2/issues/132
My YouTube channel | Release date of my 13th playlist: August 24, 2020

User avatar
__philippe
Posts: 687
Joined: Wed Jun 26, 2013 2:09 am

Re: Critical vulnerability in UNACEV2.DLL

#202 Post by __philippe »

billon wrote: Fri Feb 22, 2019 12:46 am ...
Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?
Dirk Pahel's Simplyzip v1.1b78 (link 26-MAY-2014)

Also included in Win7 standard distribution : :roll:

Code: Select all

c:\>dir Progra~1\winrar\unace*
26/08/2005  00:50         77,312  UNACEV2.DLL

billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Re: Keeping UniExtract up to date

#203 Post by billon »


billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Re: Keeping UniExtract up to date

#204 Post by billon »


billon
Posts: 843
Joined: Sat Jun 23, 2012 4:28 pm

Re: Keeping UniExtract up to date

#205 Post by billon »

innounp 0.50
  • Added support for IS 6.1.
  • Fixed broken paths that originally were in UNC format.

Ultra7ven
Posts: 6
Joined: Tue Dec 28, 2021 8:00 am

Re: Keeping UniExtract up to date

#206 Post by Ultra7ven »

7-zip v21.07 (2021-12-26)

Post Reply