WinRAR 5.71 Beta 2 released

WinRAR Code Execution vulnerability

Short for Roshal ARchive, RAR is a file format, typically used for data compression (similar to ZIP files), error recovery, and file spanning, developed by Eugene Roshal. The most common file extensions for a RAR format is .rar (for compressed files) and .rev (for recovery files). 7-Zip and WinRAR are the most common software programs used for creating files in the RAR format and extracting the contents of the RAR file.

WinRAR Code Execution vulnerability

WinRAR 5.71 beta 2 released.


1. Master password processing:

a) if password stored in compression profile is protected
with master password and user entered a wrong master password
after choosing a profile, “the specified password is incorrect”
message is displayed before repeating request;

b) if -cp<profile_name> switch is used, profile stores a password
protected with master password and user cancels the master
password prompt, the entire archiving command is cancelled.
Previous versions continued archiving without a password.

2. When repairing archives in command line, it is allowed to specify
a name of existing destination folder also without trailing path
separator. Previously “r” command accepted only “destfolder\” format.

Path separator is still required if destination folder does not exist.

3. Bugs fixed:

a) WinRAR could crash when attempting to display some types of archive
comments in GUI shell, resulting in a denial of service;

b) current archive name was not updated in hint message associated
with tray icon when repairing several archives in background.