You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
by simply opening an archive of this format in far.
Far.exe itself can not open archives, that is done by plugins. If the standard Arclite plugin out of the box handles ACE format then yes, it is a problem. Otherwise it is not Far Manager's concern.
Newarc has never been released (and hardly will ever be), so it's nothing to worry about. However, we should probably remove the dll for good just in case. Thanks for reporting.
Sorry if this was already reported/fixed in any of the russian language discussions.
Basically a serious RCE was discoverd in the ACE archive unpacking code, which can be triggered by simply opening an archive of this format in far.
https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://www.bleepingcomputer.com/news/security/malspam-exploits-winrar-ace-vulnerability-to-install-a-backdoor/
The text was updated successfully, but these errors were encountered: