UnAce Vulnerability

Galiza
Junior Member
Posts: 5
Joined: 2017-12-17, 12:46 UTC

UnAce Vulnerability

Post by *Galiza »

 
Hi, information from WinRar web site https://www.rarlab.com/rarnew.htm

WinRar 5.70 What's New
21. Nadav Grossman from Check Point Software Technologies informed us
about a security vulnerability in UNACEV2.DLL library.
Aforementioned vulnerability makes possible to create files
in arbitrary folders inside or outside of destination folder
when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives.
UNACEV2.DLL had not been updated since 2005 and we do not have access
to its source code. So we decided to drop ACE archive format support
to protect security of WinRAR users.
BTW, if InternalUnace=0, may I delete UNACEV2.DLL?

Best regards :!: :!:
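
Added example, not part of the original post and not code from WinRAR, Total Commander or UNACEV2.DLL: a generic destination-containment check for the bug class the quoted release note describes (archive entries written outside the destination folder), shown beside a flawed string-prefix check. The function names, destination folder and entry names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for this lexical check
from typing import Optional

def naive_is_inside(dest_dir: str, entry_name: str) -> bool:
    """Flawed check: compares strings without resolving '..' components."""
    return ntpath.join(dest_dir, entry_name).startswith(dest_dir)

def safe_target(dest_dir: str, entry_name: str) -> Optional[str]:
    """Return the normalized extraction path, or None if the entry would be
    written outside dest_dir. Lexical only: symlinks/junctions are not resolved."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return None  # absolute, drive-relative ("C:x") or UNC entry name
    dest = ntpath.normpath(dest_dir)
    target = ntpath.normpath(ntpath.join(dest, name))
    same = lambda a, b: ntpath.normcase(a) == ntpath.normcase(b)
    if same(target, dest):
        return None  # empty or "." entry: not a file below the destination
    # Component-wise comparison, so a sibling folder sharing the same name
    # prefix (Extract2 next to Extract) is not treated as inside.
    if not same(ntpath.commonpath([dest, target]), dest):
        return None
    return target

# Constructed sample data (not taken from any real archive).
DEST = r"C:\Users\alice\Extract"
ENTRIES = [r"docs\readme.txt", r"..\..\outside.txt", r"..\Extract2\x.txt",
           r"C:\Temp\x.txt", "docs/../../x.txt"]

def audit(dest_dir, entries):
    """Map each entry name to its safe target path, or None if rejected."""
    return {e: safe_target(dest_dir, e) for e in entries}

if __name__ == "__main__":
    for entry, target in audit(DEST, ENTRIES).items():
        print(f"{entry!r:28} -> {target or 'REJECTED'}")
```
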
 
Horst.Epp
Power Member
Posts: 6492
Joined: 2003-02-06, 17:36 UTC
Location: Germany

Re: UnAce Vulnerability

Post by *Horst.Epp »

What about searching for this in the forum and not making the next thread about it ? :(
Windows 11 Home x64 Version 23H2 (OS Build 22631.3527)
TC 11.03 x64 / x86
Everything 1.5.0.1373a (x64), Everything Toolbar 1.3.3, Listary Pro 6.3.0.73
QAP 11.6.3.2 x64
karlchen
Power Member
Posts: 4603
Joined: 2003-02-06, 22:23 UTC
Location: Germany

Re: UnAce Vulnerability

Post by *karlchen »

Hello, Galiza.

The vulnerability affecting the DLL file unacev2.dll, which comes with Total Commander, has been discussed for the past few weeks. See e.g. this thread: Security problem in unacev2.dll.
Note, please, that Christian Ghisler is working on Total Commander 9.22 RC, which brings along a more secure unacev2.dll. The new unacev2.dll should prevent the vulnerability from being exploited in Total Commander. Work on fixing unacev2.dll is still in progress.

Best regards,
Karl
MX Linux 21.3 64-bit xfce, Total Commander 10.52 64-bit
The people of Alderaan keep on bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine.
The Prophet's Song
Galiza
Junior Member
Posts: 5
Joined: 2017-12-17, 12:46 UTC

Re: UnAce Vulnerability

Post by *Galiza »

2Horst.Epp

There is something wrong with forum search, try this

Open advanced search -> Search for keywords: Unace -> Limit results to previous: 6 Months
press search and you'll notice that it only appears one post THIS ONE, so please relax ok

2karlchen

Thanks :!:
 
Horst.Epp
Power Member
Posts: 6492
Joined: 2003-02-06, 17:36 UTC
Location: Germany

Re: UnAce Vulnerability

Post by *Horst.Epp »

Galiza wrote: 2019-03-09, 14:20 UTC
2Horst.Epp

There is something wrong with forum search, try this

Open advanced search -> Search for keywords: Unace -> Limit results to previous: 6 Months
press search and you'll notice that it only appears one post THIS ONE, so please relax ok

2karlchen

Thanks :!:
 
Why so complicated, just make a normal search for unace and you find all threads.
Searching for Keywords makes sense if you already know some real keywords.
Dalai
Power Member
Posts: 9389
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Re: UnAce Vulnerability

Post by *Dalai »

2Horst.Epp
I appreciate your contributions, but in this case you're wrong. Just searching for "unace" finds this thread and much older ones (from 2016 and 2012), but not the ones containing the discussion about the unace vulnerability. It seems like the forum search only matches complete words because "unacev2" finds the thread, but "unace" doesn't.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
Usher
Power Member
Posts: 1675
Joined: 2011-03-11, 10:11 UTC

Re: UnAce Vulnerability

Post by *Usher »

Galiza wrote: 2019-03-09, 14:20 UTC
There is something wrong with forum search, try this

Open advanced search -> Search for keywords: Unace -> Limit results to previous: 6 Months
press search and you'll notice that it only appears one post THIS ONE, so please relax ok

There is something wrong with your search understanding. If you're NOT sure about keywords, use wildcards: unace*
Andrzej P. Wozniak
Polish subforum moderator