News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • ACE format unpacker vulnerability – WinRAR and others

    Home Forums Code Red – Security/Privacy advisories ACE format unpacker vulnerability – WinRAR and others

    • This topic has 7 replies, 5 voices, and was last updated 1 year ago by anonymous.
    Viewing 5 reply threads
    • Author
      Posts
      • #329924 Reply
        mn–
        AskWoody Lounger

        So, the unacev2.dll ACE unpacker vulnerability.

        This thing seems to have made the news and not in a nice way either. Also misleading since these typically ONLY mention WinRAR and not, say, PeaZip and all the others. Who knows how common that thing really is…?

        I certainly hope that the various antimalware tools that can scan inside .ace files aren’t vulnerable to this.

        https://research.checkpoint.com/extracting-code-execution-from-winrar/ says the vulnerability seems to exist in the open source (Linux and others) “unace-nonfree” package too, with a source code fragment shown and all (since it’s open source).

        Well, the open source library might get a fix but since it’s a nonfree one, the fix may not be redistributable.

        There’s a fully open-source and free (BSD license) unpacker for these that should be more robust, at https://pypi.org/project/acefile/ … which might in the short term become the recommended tool to use for extracting content from .ace archives, then?

        Long term, should convert any data so stored into other formats.

      • #329975 Reply
        joep517
        AskWoody MVP

        According to WinRAR changelog the ability to unpack rhe ACE format has been removed in version 5.0 beta 1. Yes, it is BETA but WinRAR has a long history of having beta software in the wild for an extended period.

        If you know of a better library perhaps you should contact the WinRAR developers.

        --Joe

        1 user thanked author for this post.
        • #330013 Reply
          mn–
          AskWoody Lounger

          Well yeah, I’m sure if someone really misses the ACE format support somewhere they can take the BSD-licensed Python acefile sources and do a reimplementation into compilable language and as a shared library. Just A Small Matter Of Programming(tm)

          Meanwhile, those of us who may develop a real need to get something out of an ACE-format archive should be able to get a Python runtime up…

      • #330041 Reply
        Microfix
        AskWoody MVP

        Martin Brinkmann over at ghacks has a temporary fix for the ACE format remote code execution vulnerability within WinRAR for those who use it.

        Win7 Pro x86/x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 |
        1 user thanked author for this post.
        • #331064 Reply
          mn–
          AskWoody Lounger

          … fix the vulnerability by disabling ACE handling altogether, to be clear.

          Well, ACE files are uncommon these days… and new ACE files with legitimate content even more so, the format has been relatively more popular for malware and scams due to being less likely to be supported by scanners.

      • #330228 Reply
        anonymous
        Guest
      • #331029 Reply
        Thomas
        AskWoody Plus

        Thanks for this post
        I use Win RAR for well over probably 20 Years + and find it a fantastic archiver.

      • #342576 Reply
        anonymous
        Guest

        ACE…? Okay. Never used it in my life ;o) Big chance that this bug is existing not only in winrar, but many other unpackers too. It’s an ancient file format, that nowadays seems to even be considerd as abandonware. So the old rules of (digital) life are still valid: never open unkown attachments from mails, most certainly not ones in exotic file formats…

    Viewing 5 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: ACE format unpacker vulnerability – WinRAR and others

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.