
CVE-2022-43650: WinRAR 6.21 final released

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. Crafted data in a ZIP file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-19232.


15.12.2022 14:39

WinRAR 6.20 Beta 3 released

Release date: 15.12.2022

  1. If the Zone.Identifier alternate NTFS stream, also known as Mark of the Web, is present in both an archived office document file and the host archive, WinRAR sets the stream with the more restricted security zone on the unpacked file.

    The previous beta always preferred the archive security zone if it was “Internet” or “Restricted sites”.

    We are thankful to Amine Brahmi for bringing our attention to conflicting Zone.Identifier streams in this case.

  2. “Archive” page in archive properties in Windows Explorer:

    1. “Original name” and “Original time” field names are not displayed anymore for non-RAR archives;
    2. the compression dictionary size is displayed also for non-RAR archives when available.
  3. Bugs fixed:

    1. if “Launch folder windows in a separate process” Windows Explorer option was enabled in Windows 11 22H2, in some cases WinRAR context menu items didn’t perform any action on a click;
    2. WinRAR could read data beyond the end of a buffer and crash when unpacking files from a specially crafted ZIP archive. We are thankful to Bakker working with Trend Micro Zero Day Initiative for letting us know about this bug.
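
The Zone.Identifier rule from item 1, as an added Python example (not WinRAR's code): it parses the host archive's stream and the archived file's stream and keeps the more restricted zone. The function names, the constructed sample streams, and the choice to ignore a malformed or unknown ZoneId are assumptions made for this illustration.

```python
"""Added illustration: resolving conflicting Zone.Identifier (Mark of the Web) streams."""

# URL security zones as used in Zone.Identifier; a higher id is more restricted.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_zone_id(stream_text):
    """Return the ZoneId from a Zone.Identifier stream, or None if absent/invalid."""
    if not stream_text:
        return None
    in_section = False
    for raw in stream_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "zoneid":
                value = value.strip()
                if value.isascii() and value.isdigit() and int(value) in ZONES:
                    return int(value)
                return None  # assumption: malformed/unknown zone is not a usable mark
    return None


def effective_zone(archive_stream, member_stream):
    """Pick the more restricted zone of the host archive and the archived file."""
    zones = [z for z in (parse_zone_id(archive_stream),
                         parse_zone_id(member_stream)) if z is not None]
    return max(zones) if zones else None


def build_stream(zone_id):
    """Zone.Identifier content for the unpacked file (None: nothing to write)."""
    return None if zone_id is None else f"[ZoneTransfer]\r\nZoneId={zone_id}\r\n"


# Constructed sample streams (not taken from a real archive).
ARCHIVE_MOTW = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/a.zip\r\n"
MEMBER_MOTW = "[ZoneTransfer]\r\nZoneId=4\r\n"

if __name__ == "__main__":
    zone = effective_zone(ARCHIVE_MOTW, MEMBER_MOTW)
    print(zone, ZONES[zone])
    print(repr(build_stream(zone)))
```

With the sample input the archive is marked “Internet” and the archived file “Restricted sites”; under the previous beta's rule as described above the archive zone would have been used, while this rule keeps the file's stricter zone.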

About win.rar GmbH:
win.rar GmbH has been the official distributor of WinRAR and RARLAB products since February 2002 and handles all support, marketing and sales related to WinRAR & rarlab.com. win.rar GmbH is registered in Germany and is represented worldwide by local partners in more than 40 countries on six continents. win.rar’s declared objective is to provide first-class quality support and to optimize its software to meet customer’s requirements in accordance with their valued feedback. For more information about WinRAR and win.rar GmbH please visit our website: www.win-rar.com

The beta download links expire after the final release!
