You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A couple of days ago Check Point Research found a vulnerability in unacev2.dll: a specially crafted ACE archive can be made that, when extracted, plants files anywhere in the host system, outside the target folder. Their whole write-up is here: https://research.checkpoint.com/extracting-code-execution-from-winrar/
UniExtract2 uses XAce Plus for ACE extraction instead of unacev2.dll, but I'd guess that it's also vulnerable.
The developer of WinAce apparently went bankrupt in 2017 and thus there won't be any more updates, security or otherwise, for ACE extractors. I think it would be best to just remove ACE extraction functionality completely to keep users safe.
The text was updated successfully, but these errors were encountered:
I tested the POC archive and surprisingly XAce does not seem to be affected by these malicious files. On one of my test systems XAce crashed, but at least no files were written outside the output directory.
I think it is safe enough to keep XAce for now, but I will investigate switching to acefile as it is actively maintained.
A couple of days ago Check Point Research found a vulnerability in unacev2.dll: a specially crafted ACE archive can be made that, when extracted, plants files anywhere in the host system, outside the target folder. Their whole write-up is here: https://research.checkpoint.com/extracting-code-execution-from-winrar/
UniExtract2 uses XAce Plus for ACE extraction instead of unacev2.dll, but I'd guess that it's also vulnerable.
The developer of WinAce apparently went bankrupt in 2017 and thus there won't be any more updates, security or otherwise, for ACE extractors. I think it would be best to just remove ACE extraction functionality completely to keep users safe.
The text was updated successfully, but these errors were encountered: