ZTree.com  | ZEN  | About...  

 Index   Back

WinRAR flaw   [General]

By: John Leslie       
Date: Aug 20,2023 at 14:02
In Response to: WinRAR flaw (John Gruener)

> > WinRAR flaw lets hackers run programs when you open RAR archives
> >
> >
> https://www.bleepingcomputer.com/news/se...-programs-when-you-open-rar-archives/
> >
> > I have these files in my Ztree folder...
> >
> > unrar.dll 267,992 .a.. 5-23-23 12:28:50 pm
> > Version: 5.71.0 [5.71.100.3045]
> >
> > unrar64.dll 320,728 .a.. 5-23-23 12:28:50 pm
> > Version: 5.71.0 [5.71.100.3045]
> >
> > Should I be worried?
>
> Paul,
>
> You need not be worried unless you open RAR files that come from
> questionable sources.
>
> The DLL versions you have are supplied by Kim in his updates. The dates
> of those files are actually 4-27-19 (not 5-23-23).
>
> As noted by BleepingComputer, the current version which fixes the flaw
> is 6.23.0. I expect Kim will provide the updated versions in his next
> Zeta.
>
> Meanwhile, if you are still concerned, you can download the
> UnRARDLL.exe package here:
> https://www.rarlab.com/rar/UnRARDLL.exe
> extract those two files from that, and replace them in your ZTree
> directory.
>
> - John

I forget whether this used to be an issue (I very rarely open RAR files in ZTW), but "O"pening an image inside an Alt-F5ed RAR file using the latest DLLs extracts the file to (for example):
C:\Users\johnl\AppData\Local\Temp\ZTMP000\tmpB803.tmp\image.jpg
But passes the path:
C:\Users\johnl\AppData\Local\Temp\ZTMP000\image.jpg
To the Image viewer, which then points out its unhappiness.

363 views      
 

Messages in this Thread

 
96,664 Postings in 12,235 Threads, 350 registered users, 193 users online (0 registered, 193 guests)
Index | Admin contact |   Forum Time: Jun 16, 2024 - 3:16 pm UTC  |  Hits:64,851,825  (61,885 Today )
RSS Feed