25 February 19, 14:52
Hi guys,
I asked the WinRAR developer about this and this is his reply about the workaround, which is either to (1) upgrade to WinRAR 5.70 beta 1 and 2 or (2) just delete the file "UNACEV2.DLL" manually from its location. See quoted text below.
Quote:
Hello,
UNACEV2.DLL library which we used in WinRAR 5.61 and earlier to unpack
ACE files was vulnerable to a directory traversal attack with specially
crafted ACE archives. We already published WinRAR 5.70 beta 1 and 2
without this library and these 5.70 betas are not vulnerable.
Those users who do not want to upgrade to 5.70 just now, can delete
UNACEV2.DLL file to prevent this attack. Depending on WinRAR version,
UNACEV2.DLL can reside either in WinRAR program folder or in Formats
subfolder of WinRAR program folder. Just delete this file manually
and it will prevent such an attack.
Meanwhile we are working on WinRAR 5.70 release.
The download links for WinRAR 5.70 beta 1 and 2 are posted above by silversurfer.
As mentioned above, if you do not want to upgrade to ver 5.70 now, users can just delete the file below manually,
Quote: UNACEV2.DLL file
in the Program Files folder (or in Formats subfolder of WinRAR program folder).
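
The workaround described in this post, as an added PowerShell example (not part of the original post or the developer's reply): it checks the WinRAR program folder and its Formats subfolder for UNACEV2.DLL and deletes the file only when -Remove is given. The function name and the default "Program Files\WinRAR" locations are assumptions; pass -WinRarFolder if WinRAR is installed elsewhere.

```powershell
# Added example. Find-UnaceDll is a hypothetical helper name, and the
# default folders below are assumed install locations, not taken from the post.
function Find-UnaceDll {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$WinRarFolder,   # WinRAR program folder(s) to inspect
        [switch]$Remove            # delete the DLL instead of only reporting it
    )

    if (-not $WinRarFolder) {
        # ProgramFiles(x86) is empty on 32-bit Windows, so drop empty entries.
        $WinRarFolder = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
            Where-Object { $_ } |
            ForEach-Object { Join-Path $_ 'WinRAR' }
    }

    foreach ($folder in ($WinRarFolder | Select-Object -Unique)) {
        # Report the installed WinRAR version next to each finding, if present.
        $exe = Join-Path $folder 'WinRAR.exe'
        $version = $null
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $version = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        }

        # The DLL can sit in the program folder itself or in its Formats subfolder.
        foreach ($candidate in @($folder, (Join-Path $folder 'Formats'))) {
            $dll = Join-Path $candidate 'UNACEV2.DLL'
            if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) { continue }

            $removed = $false
            if ($Remove -and $PSCmdlet.ShouldProcess($dll, 'Delete')) {
                Remove-Item -LiteralPath $dll -Force -ErrorAction Stop
                $removed = $true
            }
            [pscustomobject]@{
                Path          = $dll
                WinRarVersion = $version
                Removed       = $removed
            }
        }
    }
}

# Report only:               Find-UnaceDll
# Preview the deletion:      Find-UnaceDll -Remove -WhatIf
# Delete (elevated prompt):  Find-UnaceDll -Remove
```

No output means the DLL was not found in the folders checked. Deleting from Program Files needs an elevated PowerShell session.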