Keeping UniExtract up to date
Critical vulnerability in UNACEV2.DLL
Extracting a 19 Year Old Code Execution from WinRAR
TL;DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.
UNACEV2.DLL is also used in Universal Extractor, so be careful
Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?
TL;DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.
UNACEV2.DLL is also used in Universal Extractor, so be careful
Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?
Re: Critical vulnerability in UNACEV2.DLL
Fortunately, Universal Extractor 2 does not have it.billon wrote: ↑Fri Feb 22, 2019 12:46 am Extracting a 19 Year Old Code Execution from WinRAR
TL:DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.
UNACEV2.DLL is also used in Universal Extractor, so be careful
Thanks for the link. The article was an interesting read.
My YouTube channel | Release date of my 13th playlist: August 24, 2020
Re: Critical vulnerability in UNACEV2.DLL
Same version, same code, no?https://github.com/Bioruebe/UniExtract2/blob/master/helper_binaries_info.txt wrote: XAce Plus xace.exe 2.6 Marcel Lemke http://www.winace.com/
Re: Keeping UniExtract up to date
Actually I don't know why I have that UNACEV2.DLL if there xace.exe
Maybe messed with different versions
And xace.exe writes to the registry HKCU\Software\e-merge
wtf
Maybe messed with different versions
And xace.exe writes to the registry HKCU\Software\e-merge
wtf
Re: Critical vulnerability in UNACEV2.DLL
Yeah, it's likely. I had missed it. I filed a bug report now: https://github.com/Bioruebe/UniExtract2/issues/132billon wrote: ↑Fri Feb 22, 2019 4:17 amSame version, same code, no?https://github.com/Bioruebe/UniExtract2/blob/master/helper_binaries_info.txt wrote: XAce Plus xace.exe 2.6 Marcel Lemke http://www.winace.com/
My YouTube channel | Release date of my 13th playlist: August 24, 2020
- __philippe
- Posts: 687
- Joined: Wed Jun 26, 2013 2:09 am
Re: Critical vulnerability in UNACEV2.DLL
Dirk Pahel's Simplyzip v1.1b78 (link 26-MAY-2014)billon wrote: ↑Fri Feb 22, 2019 12:46 am ...
Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?
Also included in Win7 standard distribution :
Code: Select all
c:\>dir Progra~1\winrar\unace*
26/08/2005 00:50 77,312 UNACEV2.DLL
Re: Keeping UniExtract up to date
innounp 0.50
- Added support for IS 6.1.
- Fixed broken paths that originally were in UNC format.
Re: Keeping UniExtract up to date
7-zip v21.07 (2021-12-26)