Recent Topics
-
UNSOLVED [Bug / Feature Request] Integrate offline Virtual Drive into the PowerArchiver installer
Tech Support3 -
UNSOLVED extracting issue
Tech Support7 -
SOLVED No Updates Shown
Tech Support5 -
UNSOLVED PowerArchiver resend codes doesn't work
Tech Support6 -
PowerArchiver and PACL for macOS
Tech Support3 -
UNSOLVED File Browser: Operations don't trigger UAC
Tech Support7 -
Fast Ring: PowerArchiver 2019 19.00.51/54/57/58/59
Tech Support24 -
SOLVED Problem: Backspace navigation in Explorer mode
Tech Support3 -
UNSOLVED Smart AI: Preferences not intuitive
Tech Support13 -
SOLVED Find file in archive.
Wishlist9 -
UNSOLVED PA 20.00.02 not executing .exe files from archive
Tech Support10 -
PACL 9.0 Beta 2
Tech Support24 -
UNSOLVED Minor UI question
Tech Support7 -
SOLVED Slow Download
General Chat3 -
SOLVED ZIPX-jpeg-compression
Tech Support2 -
SOLVED PA standard 2019 can not create PA-archives
Tech Support2 -
UNSOLVED The PACL does not extract files from the self-extracting archive
Tech Support3 -
UNSOLVED PA 19.00.57 - Drawing issue on file type collumn
Tech Support2 -
UNSOLVED PA 19.00.57 crashes Firefox 69.0.1 in module pashlext64.dll | UserCallWinProcCheckWow
Tech Support18 -
UNSOLVED Include all PowerArchive Toolbox features in the offline installer
Tech Support3
PA 19.00.51 - bug / unwanted code execution
-
Hi.
I have found out that, if there is a folder inside an archive and the user extracts it, there is potential unwanted code execution in the function “open file location”, provided the name of the folder is the same as the name of the exe file in the parent directory.
If in the same directory of the extracted folder / subfolder there is an exe with the same name as the extracted directory, if ‘open folder when completed’ function is checked, PowerArchiver will open the exe in the parent directory, named the same as the folder being extracted, instead of opening the actual subfolder, named the same as the .EXE in the parent folder.
To ease the confusion of my words, I have made a youtube video demonstrating this PoC:
Youtube link (unlisted) with PoC
Thank you!
For any questions please contact me and I will try to explain more if applicable.
-
@2Flo please try with following release:
https://forums.powerarchiver.com/topic/6189/fast-ring-powerarchiver-2019-19-00-51-54-57and let us know if this works fine… also send us an email to support@conexware.com to get free license for PA 2019 Toolbox, for important bug discovery. Thank you!
-
@2Flo
Thanks very much for the thorough details. Was able to reproduce this immediately and have logged it in for fixing.
-
@2Flo please try with following release:
https://forums.powerarchiver.com/topic/6189/fast-ring-powerarchiver-2019-19-00-51-54-57and let us know if this works fine… also send us an email to support@conexware.com to get free license for PA 2019 Toolbox, for important bug discovery. Thank you!
-
@spwolf thank you so much for your contribution as well!
I actually do have a lifetime license for PA Toolbox that I’ve bought from your website so it would not be fair to profit for a second license in this case. The fact that the bug was worked on to be solved is more important for me.
I will test it later today or tomorrow and let you know since I’m not home right now. And I will provide all the relevant details.
-
@2Flo said in PA 19.00.51 - bug / unwanted code execution:
@spwolf thank you so much for your contribution as well!
I actually do have a lifetime license for PA Toolbox that I’ve bought from your website so it would not be fair to profit for a second license in this case. The fact that the bug was worked on to be solved is more important for me.
I will test it later today or tomorrow and let you know since I’m not home right now. And I will provide all the relevant details.
if you want, you can gift this license to someone as well.
Please check it out and let us know. Thanks!
-
@spwolf thank you so much!
Later today i will confirm whether the bug is fixed first and i will give out the license as a gift.
Sharing is caring
Stay tuned for future update soon.
-
I have only one question about the license (to know what to tell the person i will gift it to).
Does it cover future program updates and upgrades or only the minor updates for the latest major version?
Thank you!
-
@spwolf I just tested it
Extracted it 4 more depths inside folders (7 folders in total) than the last try, which was 3 folders in depth. Same settings
The program was not executed. It seems that the fix has worked
Thank you all for your involvement in fixing this bug!
