WinRAR 6.02 Beta 1 发布
https://www.rarlab.com/download.htmVersion 6.02 beta 1
1. ZIP SFX module refuses to process SFX commands stored in archive
comment if such comment is resided after beginning of Authenticode
digital signature. It is done to prevent possible attacks with
inclusion of ZIP archive into the signature body.
We already prohibited extracting contents of such malformed archives
in WinRAR 6.01.
We are thankful to FireEye Mandiant team for reporting this issue.
2. WinRAR uses https instead of http in the web notifier window,
home page and themes links. It also implements additional checks
within the web notifier. This is done to prevent a malicious web page
from executing existing files on a user's computer. Such attacks
are only possible if the intruder has managed to spoof or otherwise
control user's DNS records. Other factors are also involved
in limiting its practical application, including a security alert
prompt asking for a user's confirmation before opening a malicious page.
We would like to express our gratitude to Igor Sak-Sakovskiy
for bringing this issue to our attention.
3. Where appropriate, SFX archive displays the additional line
with detailed error information provided by operating system.
For example, previously such archive would display "Cannot create file"
message alone. Now this message is followed by a detailed reason
like access denied or file being used by another process.
In the past this extended error information was available in WinRAR,
but not in SFX archives.
4. Switch -idn hides archived names also in 'v' and 'l' commands.
It can be useful if only the archive type or total information
is needed.
5. If -ibck -ri<priority> switches are used together, WinRAR process
sets the priority specified in -ri switch. Previous versions ignored
-ri and set the priority to low in the presence of -ibck switch.
6. When using "File/Change drive" command, WinRAR saves the last folder
of previous drive and restores it if that drive is selected again
later.
7. Name of unpacking file is now included into WinRAR incorrect password
warning for RAR5 archives. It can be helpful when unpacking
a non-solid archive containing files encrypted with different passwords.
8. Bugs fixed:
a) "Convert archives" command issued erroneous "The specified password
is incorrect" message after succesfully converting RAR archive
with encrypted file names if new password was set and archive
was opened in WinRAR shell;
b) if command progress window was resized up and then quickly resized
down to original dimensions, window contents could be positioned
incorrectly.
机翻:
版本6.02 beta 1
1.zip sfx模块拒绝处理存储在存档中的sfx命令。
如果该注释位于Authenticode开始后,则为注释
数字签名。这是为了防止可能的攻击
将ZIP存档文件包含到签名体中。
我们已经禁止提取这类畸形档案的内容。
在WinRAR 6.01。
我们感谢火眼管理团队报告这一问题。
2.WinRar在web通知程序窗口中使用https而不是http,
主页和主题链接。它还实现了额外的检查。
在网络通知程序中。这样做是为了防止恶意网页。
在用户计算机上执行现有文件。这类攻击
只有当入侵者设法欺骗或以其他方式入侵时,才有可能。
控制用户的DNS记录。其他因素也涉及到
限制其实际应用,包括安全警报
在打开恶意页面之前,提示询问用户的确认。
我们对伊戈尔·萨克-萨科夫斯基表示感谢。
让我们注意到这个问题。
3.在适当的情况下,sfx存档显示额外的行。
操作系统提供的详细错误信息。
例如,以前这样的存档会显示“无法创建文件”。
单独留言。现在,这条消息后面是一个详细的原因
与其他进程所使用的访问拒绝或文件类似。
在过去,这种扩展的错误信息可以在WinRAR中获得,
但不在SFX档案里。
4.开关-idn也在“v”和“l”命令中隐藏存档的名称。
如果只有存档类型或全部信息,则会很有用。
是必要的。
5.如果-ibck-ri<优先级>交换机一起使用,WinRAR进程
设置在-ri开关中指定的优先级。忽略以前的版本
-在存在-ibck开关的情况下,将优先级设置为低。
6.使用“文件/更改驱动器”命令时,WinRAR保存最后一个文件夹
,如果再次选中该驱动器,则恢复该驱动器。
后来。
7.解压缩文件的名称现在包含在WinRAR不正确的密码中。
RAR 5档案警告。在打开包装的时候会很有帮助
包含用不同密码加密的文件的非固态存档。
8.故障修复:
A)“转换档案”命令错误地发出“指定密码”
成功转换RAR存档后的“消息不正确”
使用加密的文件名(如果设置了新密码)并存档。
在WinRAR壳中打开;
(B)如果调整了命令进度窗口,然后迅速调整大小
直到原始尺寸,窗口内容可以被不正确定位。
页:
[1]