-
Update system issue
Tech Support1 -
Minimize/Expand Ribbon
Tech Support3 -
Burn Disk from .ISO
Tech Support2 -
Fast Ring: PowerArchiver 2021 20.00.56
Tech Support1 -
SOLVED Zipping up with folders but without root folder
Tech Support4 -
Fast Ring: PowerArchiver 2021 20.00.53
Tech Support17 -
PowerArchiver and PACL for macOS
Tech Support8 -
Fast Ring: PowerArchiver 2021 20.00.55
Tech Support10 -
SOLVED powerarchiver not able to compress / decompress files with long file names
Tech Support8 -
License Code Not Working / Missing
Tech Support2 -
Upgrade for 2019 users?
Tech Support3 -
UNSOLVED Resize: Frames overlap
Tech Support4 -
SOLVED TYPO: Gesture
Tech Support3 -
UNSOLVED GUI: Center the buttons
Tech Support2 -
UNSOLVED label56
Tech Support9 -
SOLVED GUI Alignment
Tech Support3 -
Preview of pdf files
Tech Support5 -
I would like to test this for the Mac
Tech Support2 -
Preview doesn't support Unicode
Tech Support4 -
PA 2021 Registration Dialog menu option
Tech Support3
PA 19.00.51 - bug / unwanted code execution
-
Hi.
I have found out that, if there is a folder inside an archive and the user extracts it, there is potential unwanted code execution in the function “open file location”, provided the name of the folder is the same as the name of the exe file in the parent directory.
If in the same directory of the extracted folder / subfolder there is an exe with the same name as the extracted directory, if ‘open folder when completed’ function is checked, PowerArchiver will open the exe in the parent directory, named the same as the folder being extracted, instead of opening the actual subfolder, named the same as the .EXE in the parent folder.
To ease the confusion of my words, I have made a youtube video demonstrating this PoC:
Youtube link (unlisted) with PoC
Thank you!
For any questions please contact me and I will try to explain more if applicable.
-
@2Flo please try with following release:
https://forums.powerarchiver.com/topic/6189/fast-ring-powerarchiver-2019-19-00-51-54-57and let us know if this works fine… also send us an email to support@conexware.com to get free license for PA 2019 Toolbox, for important bug discovery. Thank you!
-
@2Flo
Thanks very much for the thorough details. Was able to reproduce this immediately and have logged it in for fixing.
-
@2Flo please try with following release:
https://forums.powerarchiver.com/topic/6189/fast-ring-powerarchiver-2019-19-00-51-54-57and let us know if this works fine… also send us an email to support@conexware.com to get free license for PA 2019 Toolbox, for important bug discovery. Thank you!
-
@spwolf thank you so much for your contribution as well!
I actually do have a lifetime license for PA Toolbox that I’ve bought from your website so it would not be fair to profit for a second license in this case. The fact that the bug was worked on to be solved is more important for me.
I will test it later today or tomorrow and let you know since I’m not home right now. And I will provide all the relevant details.
-
@2Flo said in PA 19.00.51 - bug / unwanted code execution:
@spwolf thank you so much for your contribution as well!
I actually do have a lifetime license for PA Toolbox that I’ve bought from your website so it would not be fair to profit for a second license in this case. The fact that the bug was worked on to be solved is more important for me.
I will test it later today or tomorrow and let you know since I’m not home right now. And I will provide all the relevant details.
if you want, you can gift this license to someone as well.
Please check it out and let us know. Thanks!
-
@spwolf thank you so much!
Later today i will confirm whether the bug is fixed first and i will give out the license as a gift.
Sharing is caring :)
Stay tuned for future update soon.
-
I have only one question about the license (to know what to tell the person i will gift it to).
Does it cover future program updates and upgrades or only the minor updates for the latest major version?
Thank you!
-
@spwolf I just tested it
Extracted it 4 more depths inside folders (7 folders in total) than the last try, which was 3 folders in depth. Same settings
The program was not executed. It seems that the fix has worked :D
Thank you all for your involvement in fixing this bug!
