WinRar 4.20 - File Extension Spoofing (0Day)
# Exploit Title: WinRar File extension spoofing (0Day)
# Date: 23/03/14
# Exploit Author: Danor Cohen (An7i) (http://an7isec.blogspot.co.il/) (https://twitter.com/An7i21)
# Vendor Homepage: http://www.rarlab.com/
# Version: [4.20]
# Tested on: [Windows 8 ,Windows 7 ,Windows xp]
You have purchased a version-specific WinRAR license for WinRAR from a special promotion campaign that we have run in the past.
Your key is only valid for WinRAR 5.0x and your maintenance is expired since over six month.
You can update your maintenance for one year here:
If you you buy 1 year maintenance, you can update to WinRAR 5.10 as far as WinRAR is out of beta state and 5.10 Final is released.
Please inform us and we will send you a new key for WinRAR 5.10.
Since you are already an existing WinRAR user we are happy to offer you an upgrade to a regular license at 50% discount of our prices:
Für 13,47€ (50% discount) hab ich mir jetzt die reguläre Lizenz gegönnt.###
WinRAR regular license is a one time purchase. For the time being we offer all future updates and upgrades for free.
There are no indications that this policy will change in the very near future.
Should you have any further questions, please let us know.
Gerhard Luehning at WinRAR-Support
1. Added extraction support for ZIP and ZIPX archives using
BZIP2, LZMA and PPMd compression.
2. Added extraction support for 7z split archives
(.7z.001, .7z.002, ...).
3. Added support for AES-NI CPU instructions allowing to improve
RAR encryption and decryption performance.
4. Default theme images are scaled up with better quality
in high DPI display mode.
5. Environment variables, such as %temp%, can be used
in "Files to add" field of archiving dialog.
6. Switch -ai can be used when creating RAR archive,
so predefined values, typical for file and folder,
are stored instead of actual attributes.
Previously this switch could be used only when extracting.
1. WinRAR can unpack TAR archives containing folders with pax
extended headers. Previous versions failed to unpack them.
2. "Keep broken files" extraction option is supported for 7-Zip archives.
3. Bugs fixed:
a) WinRAR 5.10 did not set "hidden", "read-only" and "system"
file attributes when unpacking ZIP archives;
b) WinRAR 5.10 failed to update self-extracting RAR archives
containing nested ZIP archives stored without compression;
c) ZIP archive created with "Do not store paths" option
included unnecessary empty name records for folders;
d) archived files could have 1 hour modification time error
in Windows XP;
e) deleting a file in RAR5 solid archive containing files stored
with -ver switch caused such files to lose version information;
f) black rectangles were displayed instead of toolbar buttons
in 16- and 24- bit screen color modes and Windows custom text size
larger than 100%.
Bei v4 war das nur ein Bit, bei v5 wird zusätzlich noch die Prüfsumme des Archivs angepasst, Code auf github.rar_unlocker.exe archive.rar [-unlock | -lock]