< False WinRAR Security Alerts
08.10.2015 15:56 Давность: 9 yrs

WinRAR 5.30 Beta 5 released

Release date: 08.10.2015


  1. Information about the critical vulnerability in WinRAR self-extracting archives recently published in news is incorrect. Unfortunately mass media failed to recognize that what was described as WinRAR vulnerability is Windows OLE vulnerability patched in November 2014:
     
    Even if unpatched, this Windows OLE vulnerability does not introduce new risk factors for WinRAR SFX archives.
     
    Please read https://www.rarlab.com/vuln_sfx_html2.htm for more details.
     
    No patches for WinRAR are needed.
     
  2. "Import/Export" commands:
     
    1. WinRAR performs the additional validation of Settings.reg contents for "Import settings from file" command to prevent importing Registry keys unrelated to WinRAR settings;
       
    2. WinRAR specifies the full path to regedit.exe tool to prevent running copies of &quotregedit&quot from other folders.

     
  3. Bugs fixed:
     
    1. If "file" and "file.exe" were present in the same folder and user double clicked on "file", WinRAR could start "file.exe" instead;
       
    2. "Generate report" command could create a report in wrong folder, not that with selected files;
       
    3. RAR could crash when unpacking .rar archives with corrupt file headers. Fixed now.
       

About win.rar GmbH:
win.rar GmbH has been the official distributor of WinRAR and RARLAB products since February 2002 and handles all support, marketing and sales related to WinRAR & rarlab.com. win.rar GmbH is registered in Germany and is represented worldwide by local partners in more than 70 countries on six continents. win.rar's declared objective is to provide first-class quality support and to optimize its software to meet customer's requirements in accordance with their valued feedback. For more information about WinRAR and win.rar GmbH please visit our website: www.win-rar.com

 


The beta download links are being expired after the final release!