Recent Topics
-
UNSOLVED PA 19.00.57 (and earlier) Duplicate files possible in .pa archive in some cases.
Tech Support3 -
Fast Ring: PowerArchiver 2019 19.00.51/54/57
Tech Support6 -
UNSOLVED GUI: In need of a complete overhaul
Tech Support3 -
UNSOLVED GUI: move label
Tech Support3 -
UNSOLVED GUI: too much frames
Tech Support2 -
UNSOLVED PowerArchiver shell extensions possibly crashing windows explorer.exe
Tech Support10 -
UNSOLVED Encrypt files inside archive that has already been created [.zipx]
Wishlist3 -
UNSOLVED PA 19.00.51 / Access Violation
Tech Support7 -
SOLVED PA 19.00.51 - bug / unwanted code execution
Tech Support8 -
SOLVED Strange file size seen in 2019 portable
Tech Support5 -
SOLVED Fast Extract large files directly to target directory
Wishlist4 -
UNSOLVED Forums: double Search option in the settings (left side hamburger menu)
Tech Support1 -
SOLVED Serpent-256 Encryption for PAE/PAE2
Wishlist14 -
UNSOLVED Moving Files in to a 7Zip archive
Tech Support2 -
UNSOLVED hang when using the Test function with 7z archives
Tech Support5 -
UNSOLVED Some buttons in "Modern Look" are too small
Translations3 -
Fast Ring: PowerArchiver 2019 19.00.30/31/32/33/39/40/41/43/44/46/47/48/49
Tech Support23 -
UNSOLVED Searching for the specific Regkeys needed to default new installations in Modern Windows 10 not dark view
Tech Support2 -
UNSOLVED E-Mail problem
Tech Support7
PA 19.00.51 - bug / unwanted code execution
-
Hi.
I have found out that, if there is a folder inside an archive and the user extracts it, there is potential unwanted code execution in the function “open file location”, provided the name of the folder is the same as the name of the exe file in the parent directory.
If in the same directory of the extracted folder / subfolder there is an exe with the same name as the extracted directory, if ‘open folder when completed’ function is checked, PowerArchiver will open the exe in the parent directory, named the same as the folder being extracted, instead of opening the actual subfolder, named the same as the .EXE in the parent folder.
To ease the confusion of my words, I have made a youtube video demonstrating this PoC:
Youtube link (unlisted) with PoC
Thank you!
For any questions please contact me and I will try to explain more if applicable.
-
@2Flo please try with following release:
https://forums.powerarchiver.com/topic/6189/fast-ring-powerarchiver-2019-19-00-51-54-57and let us know if this works fine… also send us an email to support@conexware.com to get free license for PA 2019 Toolbox, for important bug discovery. Thank you!
-
@2Flo
Thanks very much for the thorough details. Was able to reproduce this immediately and have logged it in for fixing.
-
@2Flo please try with following release:
https://forums.powerarchiver.com/topic/6189/fast-ring-powerarchiver-2019-19-00-51-54-57and let us know if this works fine… also send us an email to support@conexware.com to get free license for PA 2019 Toolbox, for important bug discovery. Thank you!
-
@spwolf thank you so much for your contribution as well!
I actually do have a lifetime license for PA Toolbox that I’ve bought from your website so it would not be fair to profit for a second license in this case. The fact that the bug was worked on to be solved is more important for me.
I will test it later today or tomorrow and let you know since I’m not home right now. And I will provide all the relevant details.
-
@2Flo said in PA 19.00.51 - bug / unwanted code execution:
@spwolf thank you so much for your contribution as well!
I actually do have a lifetime license for PA Toolbox that I’ve bought from your website so it would not be fair to profit for a second license in this case. The fact that the bug was worked on to be solved is more important for me.
I will test it later today or tomorrow and let you know since I’m not home right now. And I will provide all the relevant details.
if you want, you can gift this license to someone as well.
Please check it out and let us know. Thanks!
-
@spwolf thank you so much!
Later today i will confirm whether the bug is fixed first and i will give out the license as a gift.
Sharing is caring
Stay tuned for future update soon.
-
I have only one question about the license (to know what to tell the person i will gift it to).
Does it cover future program updates and upgrades or only the minor updates for the latest major version?
Thank you!
-
@spwolf I just tested it
Extracted it 4 more depths inside folders (7 folders in total) than the last try, which was 3 folders in depth. Same settings
The program was not executed. It seems that the fix has worked
Thank you all for your involvement in fixing this bug!
