WinRAR 5.30 beta 5 changelog
WinRAR 5.30 beta 5 brings the following changes:
1. Information about the critical vulnerability in WinRAR self-extracting archives recently published in news is incorrect. Unfortunately mass media failed to recognize that what was described as WinRAR vulnerability is Windows OLE vulnerability patched in November 2014: https://technet.microsoft.com/en-us/library/security/ms14-064.aspx Even if unpatched, this Windows OLE vulnerability does not introduce new risk factors for WinRAR SFX archives. Please read http://rarlab.com/vuln_sfx_html2.htm for more details. No patches for WinRAR are needed. 2. "Import/Export" commands: a) WinRAR performs the additional validation of Settings.reg contents for "Import settings from file" command to prevent importing Registry keys unrelated to WinRAR settings; b) WinRAR specifies the full path to regedit.exe tool to prevent running copies of "regedit" from other folders. 3. Bugs fixed: a) If 'file' and 'file.exe' were present in the same folder and user double clicked on 'file', WinRAR could start 'file.exe' instead; b) "Generate report" command could create a report in wrong folder, not that with selected files; c) RAR could crash when unpacking .rar archives with corrupt file headers. Fixed now.