WinRAR Cracked - 14 year old Remote Code Execution flaw found

[Jito463]

8 minutes ago, Syntaxvgm said:

I'm not aware of it being able to create rars though, last time I checked it didn't because the license doesn't allow that? 

Just realized that I misread the last post I responded to as being able to open RAR files, instead of create them.  I just checked, and it can create TAR files, but not RARs.

[Tsuki]

https://research.checkpoint.com/extracting-code-execution-from-winrar/

 

the actual writeup for it.  very interesting

[Murasaki]

Lol people still use winrar?

[WereCatf]

15 minutes ago, Mayushii said:

Lol people still use winrar?

Yes, some of us do.

[Teddy07]

19 hours ago, Eaglerino said:

why do people use winrar over 7zip

what is the point? Winrar does the job

[Jito463]

I feel it's worth pointing out that this isn't necessarily a WinRAR bug, attention getting title notwithstanding.  The issue is the DLL used to open ACE archives, which has now been removed as of the latest beta.  In theory, this could affect any archive software which uses that same DLL.  And since ACE is a dead format with no further development, the likelihood of the issue actually being corrected (rather than the feature removed) is somewhere between slim and none.

[Syntaxvgm]

19 hours ago, Mayushii said:

Lol people still use winrar?

Only way to create RARs, so a lot of people use it even if they have 7zip as primary day to day use. 

[Andreas Lilja]

Have they made a Winrar skin for 7zip yet.

[Patient-Tech]

14 minutes ago, Raskolnikov said:

Have they made a Winrar skin for 7zip yet.

You’ll know they had when 7zip’s splash screen tells you your free trial has expired.

[Master Disaster]

On 2/21/2019 at 3:19 AM, Eaglerino said:

why do people use winrar over 7zip

Because WinRAR allows Cascaded Context Menu and 7zip doesn't. Personally I hate my right click being longer than my desktop.

[SpaceGhostC2C]

On 2/21/2019 at 12:20 AM, williamcll said:

But you could be using 7zip instead.

Sure, but in a future news topic about a 7zip bug we'll say "you could use Winzip", then "Windows native Zip", then "Winrar"...

They're all fine while there's no bug, though. They just work^TM

 

On 2/21/2019 at 11:31 AM, RejZoR said:

Why people use anything else than 7zip?

Maybe because

On 2/21/2019 at 11:31 AM, RejZoR said:

LZMA2 is the most advanced compression algorithm at the moment. It's second best right after ZPAQ, but with realistically usable speeds. ZPAQ saves few extra megabytes, but takes like 10x longer even on 12 thread "powerhouse".

is something that 0,000001% of the population will know or even understand?

I'm pretty sure that the vast majority of computer users aren't thinking about the efficiency of LZMA2 when installing software in their devices, but rather googling "I have rar, how to open?".

 

I mean, why do people use Adobe Acrobat?

[RejZoR]

10 hours ago, SpaceGhostC2C said:

Sure, but in a future news topic about a 7zip bug we'll say "you could use Winzip", then "Windows native Zip", then "Winrar"...

They're all fine while there's no bug, though. They just work^TM

 

Maybe because

is something that 0,000001% of the population will know or even understand?

I'm pretty sure that the vast majority of computer users aren't thinking about the efficiency of LZMA2 when installing software in their devices, but rather googling "I have rar, how to open?".

 

I mean, why do people use Adobe Acrobat?

Then who are still the "geeks" who use RAR so that noobs need to look for it? I don'tknow, asking for a friend and all that...

[PlayStation 2]

Exactly what would the point of cracking WinRAR serve? That 40 day trial lasts forever to the best of my knowledge.

[RejZoR]

21 minutes ago, handymanshandle said:

Exactly what would the point of cracking WinRAR serve? That 40 day trial lasts forever to the best of my knowledge.

It was not cracked in that kind of way