Page 15 of 16

Re: Keeping UniExtract up to date

Posted: Sun Jan 29, 2017 11:41 am
by billon
UPX 3.93 released
fixed some win32/pe and win64/pe regressions introduced in 3.92

Re: Keeping UniExtract up to date

Posted: Fri May 12, 2017 3:32 pm
by billon

Re: Keeping UniExtract up to date

Posted: Sat May 13, 2017 10:54 am
by Midas
New version changes mostly relevant to non-Windows platforms: https://upx.github.io/upx-news.txt...

Re: Keeping UniExtract up to date

Posted: Mon Aug 14, 2017 8:21 am
by billon
UnRAR 5.50 released

Re: Keeping UniExtract up to date

Posted: Sat Apr 28, 2018 1:39 pm
by billon

Re: Keeping UniExtract up to date

Posted: Wed Jun 27, 2018 2:17 am
by billon

Re: Keeping UniExtract up to date

Posted: Tue Jul 03, 2018 8:18 pm
by billon
innounp version 0.47 released
  • Added support for IS 5.6.0 and 5.6.1.
  • Added AppId field to the script.

Re: Keeping UniExtract up to date

Posted: Sun Aug 26, 2018 10:17 am
by billon

Re: Keeping UniExtract up to date

Posted: Mon Oct 01, 2018 1:36 pm
by billon

Re: Keeping UniExtract up to date

Posted: Sun Jan 27, 2019 1:18 pm
by billon
innounp 0.48
  • Added support for IS 5.6.2.
  • Fixed regression bug introduced by 5.6.0 support.

Critical vulnerability in UNACEV2.DLL

Posted: Fri Feb 22, 2019 12:46 am
by billon
Extracting a 19 Year Old Code Execution from WinRAR

TL';DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.

UNACEV2.DLL is also used in Universal Extractor, so be careful :!:

Looks like that library is also presented in PeaZip and PeaExtractor.
Somewhere else?

Re: Critical vulnerability in UNACEV2.DLL

Posted: Fri Feb 22, 2019 1:53 am
by SYSTEM
billon wrote:
Fri Feb 22, 2019 12:46 am
Extracting a 19 Year Old Code Execution from WinRAR

TL:DR
There is critical vulnerability in UNACEV2.DLL which is used to extract ACE archives.
Roshal just removed it (and ACE support) in latest beta, don't know about Ghisler and FAR devs.

UNACEV2.DLL is also used in Universal Extractor, so be careful :!:
Fortunately, Universal Extractor 2 does not have it.

Thanks for the link. The article was an interesting read. :)

Re: Critical vulnerability in UNACEV2.DLL

Posted: Fri Feb 22, 2019 4:17 am
by billon
SYSTEM wrote:
Fri Feb 22, 2019 1:53 am
Fortunately, Universal Extractor 2 does not have it.
Same version, same code, no?

Re: Keeping UniExtract up to date

Posted: Fri Feb 22, 2019 4:36 am
by billon
Actually I don't know why I have that UNACEV2.DLL if there xace.exe
Maybe messed with different versions

And xace.exe writes to the registry HKCU\Software\e-merge
wtf

Re: Critical vulnerability in UNACEV2.DLL

Posted: Fri Feb 22, 2019 5:05 am
by SYSTEM
billon wrote:
Fri Feb 22, 2019 4:17 am
SYSTEM wrote:
Fri Feb 22, 2019 1:53 am
Fortunately, Universal Extractor 2 does not have it.
Same version, same code, no?
Yeah, it's likely. I had missed it. I filed a bug report now: https://github.com/Bioruebe/UniExtract2/issues/132