Does WinRAR's vulnerability affect DOpus?

i5151 · February 25, 2019, 4:14pm

According to the details disclosed by the security company Check Point researchers, serious security vulnerabilities have been discovered in WinRAR's UNACEV2.dll codebase, which has not been updated since 2005. WinRAR A tech-savvy attacker can execute "any malicious code" after opening a "booby-trapped" file.

This ancient vulnerability affects all WinRAR releases released in the past 19 years, with the UNACEV2.DLL library responsible for ACE format compressed files.

It seems that the decompression software that supports ACE format compressed files has been affected.

Leo · February 25, 2019, 4:17pm

Opus does not handle ACE archives and does not use any components of WinRAR or UnRAR.dll for anything other than RAR archives.

i5151 · February 25, 2019, 4:23pm

That's great, DOpus is perfect, goodbye WinRAR.

Thanks.

Leo · February 25, 2019, 4:27pm

WinRAR fixed the issue a month ago by no longer using the DLL, by the way. As long as you're on WinRAR 5.70 beta 1 or later, it's a non-issue.

i5151 · February 25, 2019, 4:38pm

I know that WinRAR fixes this vulnerability, but it is still in beta, and I can't stand WinRAR ads, so I can only say goodbye to it.

boredsilly · February 25, 2019, 7:41pm

Just rename UNACEV2.dll, I haven't opened a ace file in at least 10 years.

i5151 · February 26, 2019, 1:41am

Wow, do you have a hunch or already know that? Can you avoid the vulnerability by renaming UNACEV2.dll?

boredsilly · February 26, 2019, 2:00am

It was mentioned on reddit, makes sense since its casued by extracting ace files.