Post Description

WinRAR - What's new in the latest version


   Version 5.30 beta 5

   1. Information about the critical vulnerability in WinRAR self-extracting
      archives recently published in news is incorrect. Unfortunately
      mass media failed to recognize that what was described as WinRAR
      vulnerability is Windows OLE vulnerability patched in November 2014:

      https://technet.microsoft.com/en-us/library/security/ms14-064.aspx

      Even if unpatched, this Windows OLE vulnerability does not introduce
      new risk factors for WinRAR SFX archives.

      Please read http://rarlab.com/vuln_sfx_html2.htm for more details.

      No patches for WinRAR are needed.
   
   2. "Import/Export" commands:
   
      a) WinRAR performs the additional validation of Settings.reg contents
         for "Import settings from file" command to prevent importing Registry
         keys unrelated to WinRAR settings;

      b) WinRAR specifies the full path to regedit.exe tool to prevent
         running copies of "regedit" from other folders.
   
   3. Bugs fixed:

      a) If 'file' and 'file.exe' were present in the same folder
         and user double clicked on 'file', WinRAR could start 'file.exe'
         instead;

      b) "Generate report" command could create a report in wrong folder,
         not that with selected files;

      c) RAR could crash when unpacking .rar archives with corrupt file