標題: WinRAR 有漏洞 [打印本頁]

---

作者: 鴨仔    時間: 2019-2-24 12:07     標題: WinRAR 有漏洞

本帖最後由 鴨仔 於 2019-2-24 14:02 編輯

Nadav Grossman from Check Point Software Technologies informed us
      about a security vulnerability in UNACEV2.DLL library.
      Aforementioned vulnerability makes possible to create files
      in arbitrary folders inside or outside of destination folder
      when unpacking ACE archives.

      WinRAR used this third party library to unpack ACE archives.
      UNACEV2.DLL had not been updated since 2005 and we do not have access
      to its source code. So we decided to drop ACE archive format support
      to protect security of WinRAR users.

      We are thankful to Check Point Software Technologies for reporting
      this issue.

請升級到5.7 Beta 1或之後版本
https://rarlab.com/download.htm

---

作者: TH30    時間: 2019-2-24 12:34

ACE archive format 係咩黎，有咩用？

---

作者: toylet    時間: 2019-2-24 13:35

提示: 作者被禁止或刪除 內容自動屏蔽