[Security Fix] All WinRAR Versions are Affected by Critical Vulnerability
WinRAR is one of the most popular and widely used file archive software for Windows operating system. It supports almost all popular file compression and decompression (extract) formats. Although it’s a paid software but you can install its trial version for free to test its features. Long time back WinRAR provided its 3.51 full version for free download and still many people use that version in their computer systems.
There are many Windows users who are using WinRAR in their computer systems to extract downloaded ZIP or RAR files or to compress files and folders to send via emails or to store as a backup.
Recently a critical vulnerability has been discovered which affects almost all WinRAR versions released in last 19 years. This security bug includes remote code execution and Absolute Path Traversal.
Advertisement
This security bug allows attackers to extract a maliciously-crafted file archive to their desired folder on a targeted system and then add the malicious program to Windows startup list so that the program can launch automatically on next system reboot.
The security flaw is present inside a DLL file “UNACEV2.DLL” which is used by WinRAR to extract ACE file format.
WinRAR team has fixed this security vulnerability in the latest 5.70 beta version. So if you are using WinRAR, you can download and install the latest beta version to fix the security issue.
If you don’t want to install a beta version as it might contain bugs and issues, you can manually patch the security issue by deleting the culprit DLL file.
Following steps will help all WinRAR users in fixing the security bug:
1. Open My Computer (or Windows Explorer/File Explorer/This PC).
Advertisement
2. Now we need to open WinRAR folder present in Program Files folder. You’ll find WinRAR folder under any of following folders:
- C:\Program Files\WinRAR
- C:\Program Files (x86)\WinRAR
3. Once you open WinRAR folder, look for following DLL file:
- UNACEV2.DLL
This file should be present directly inside WinRAR folder. Older versions of WinRAR might contain the DLL file inside “Formats” folder.
4. Once you find the file, select it and press SHIFT+DELETE keys together on your keyboard.
It’ll permanently delete the DLL file and you’ll be safe from the security vulnerability.
Also Check:
7-Zip: Free and Open Source File Archive Utility for Windows and Linux
Thanks for letting know Vishal, Thank you so much.
Thanks for that alert.
I have just one question that probably also applies to other users.
When I search for UNACEV2.DLL I find there are 14 of them.
E.G,
It is in the Filezip folder: E:\Program Files (x86)\Filzip\unacev2.dll
And it is in the UBC4Win folder: C:\UBC4WinFldr\plugin\AntiVirus\Antivir9\files\unacev2.dll
Do these other 13 files also present a porblem?
Should they also be removed?
Thank for the fine article.
B.
7-zip is slightly better then Winrar.
I tested Windows ISO image compression in Ultra level compression mode using both 7-zip and Winrar and I found that 7-Zip better compress and release more storage as compare to Winrar.
7-zip extract all files, even exe and apk files without release any errors, but Winrar doesn’t.
^^ Yes. I also prefer 7-Zip.
@B.
Afaik the vulnerability only exists in WinRAR.
I also see an exe in the formats folder, ace32loader.exe, wondering if this should also be deleted, as it has to correspond to the ace dll and as I doubt I will ever be extracting any ace files in the future anyway
^^ Yes. You can remove that file.
With all the people that use WinRAR, and because it has no autoupdate function, it will take EONS for this to go away.