The Portable Freeware Collection Forums

Posted: **Sat Apr 28, 2018 1:39 pm**

Posted: **Fri Feb 22, 2019 12:46 am**

Extracting a 19 Year Old Code Execution from WinRAR

TL;DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.

UNACEV2.DLL is also used in Universal Extractor, so be careful

Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?

Posted: **Fri Feb 22, 2019 1:53 am**

billon wrote: ↑Fri Feb 22, 2019 12:46 am Extracting a 19 Year Old Code Execution from WinRAR

TL:DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.

UNACEV2.DLL is also used in Universal Extractor, so be careful

Fortunately, Universal Extractor 2 does not have it.

Thanks for the link. The article was an interesting read.

Posted: **Fri Feb 22, 2019 4:17 am**

SYSTEM wrote: ↑Fri Feb 22, 2019 1:53 am Fortunately, Universal Extractor 2 does not have it.

https://github.com/Bioruebe/UniExtract2/blob/master/helper_binaries_info.txt wrote: XAce Plus xace.exe 2.6 Marcel Lemke http://www.winace.com/

Same version, same code, no?

Posted: **Fri Feb 22, 2019 4:36 am**

Actually I don't know why I have that UNACEV2.DLL if there xace.exe
Maybe messed with different versions

And xace.exe writes to the registry HKCU\Software\e-merge
wtf

Posted: **Fri Feb 22, 2019 5:05 am**

billon wrote: ↑Fri Feb 22, 2019 4:17 am
SYSTEM wrote: ↑Fri Feb 22, 2019 1:53 am Fortunately, Universal Extractor 2 does not have it.

https://github.com/Bioruebe/UniExtract2/blob/master/helper_binaries_info.txt wrote: XAce Plus xace.exe 2.6 Marcel Lemke http://www.winace.com/
Same version, same code, no?

Yeah, it's likely. I had missed it. I filed a bug report now: https://github.com/Bioruebe/UniExtract2/issues/132

Posted: **Fri Feb 22, 2019 7:38 am**

billon wrote: ↑Fri Feb 22, 2019 12:46 am ...
Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?

Dirk Pahel's Simplyzip v1.1b78 (link 26-MAY-2014)

Also included in Win7 standard distribution :

Code: Select all

c:\>dir Progra~1\winrar\unace*
26/08/2005  00:50         77,312  UNACEV2.DLL

Posted: **Wed Jan 22, 2020 10:23 pm**

UPX 3.96

Posted: **Mon Dec 07, 2020 1:43 am**

UnRAR 6.00

Posted: **Sat Dec 19, 2020 2:28 am**

innounp 0.50

Added support for IS 6.1.

Fixed broken paths that originally were in UNC format.

Posted: **Tue Dec 28, 2021 9:48 am**

7-zip v21.07 (2021-12-26)

The Portable Freeware Collection Forums

Keeping UniExtract up to date

Re: Keeping UniExtract up to date

Critical vulnerability in UNACEV2.DLL

Re: Critical vulnerability in UNACEV2.DLL

Re: Critical vulnerability in UNACEV2.DLL

Re: Keeping UniExtract up to date

Re: Critical vulnerability in UNACEV2.DLL

Re: Critical vulnerability in UNACEV2.DLL

Re: Keeping UniExtract up to date

Re: Keeping UniExtract up to date

Re: Keeping UniExtract up to date

Re: Keeping UniExtract up to date