File archiving utility WinRAR has been around for more than two decades… and for almost as long, there’s been a vulnerability in the application that could allow an attacker to take over your computer if you inadvertently used the app to open a malicious ACE archive file.

Researchers at Checkpoint security recently discovered the vulnerability and WinRAR has already released an update to protect users… by eliminating the ability to work with ACE files.

Note that you’ll want to install WinRAR 5.70 beta 1 or later in order to get the version that’s safe from these attacks… or you could just avoid ACE files altogether.

On the one hand, removing support for ACE files seems like a kludgy solution. On the other hand, the ACE file format is pretty old and out of date at this point — the ACE archive format is protected by a patent and the only software legally licensed to create ACE files hasn’t been updated since 2007.

That said, if you have sole old files around that are stored in an ACE archive, it’s unfortunate that WinRAR can’t open them anymore.

There are other applications that do still offer some form of support for ACE files. For example, PeaZip offers an optional plugin that lets you open, extract, browse, or convert existing ACE files… but it will not let you create new ACE archives. But I suspect it’s subject to the same vulnerability that affected WinRAR, because the UNACE Plugin for PeaZip relies on the same unacev2.dll exploited by the researchers at CheckPoint.

Meanwhile popular cross-platform file archiving utility 7-zip has never supported ACE files.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,534 other subscribers

5 replies on “WinRAR updated to protect against a (recently discovered) 19-year old security vulnerability”

  1. ACE and RAR. Popular formats for pirates for many years. I’m surprised people still use either format.

  2. I’ve seen a bunch of compression formats, especially back in the late 90s and early 2000s, but I’ve never heard of ACE until I read this article.

  3. If anyone comes across old floppies or cd-roms, the ace format might appear (I guess). A shame that they chose to abandon it altogether. I seriously doubt that any of the old (historic) files that might’ve used this format would pose a threat.

    I started buying floppies off the back pages of magazines in the early days. Later it was cd-roms and BBSes. All for my fix of shareware, freeware and public domain programs. Saw lots of archiver formats (I recall pak, arc, arj, lzh… ) and for the life of me can’t recall ever running across ‘ace’. So maybe not a major loss…

    Still… something about losing access to a bit of the past doesn’t sit well with me.

Comments are closed.