<![CDATA[unacev2.dll - App-Request]]>There is a vulnerability in the old version of unacev2.dll:
Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) | McAfee Blogs
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vulnerability-cve-2018-20250/

0patch Blog: No Source Code For a 14-Year Old Vulnerable DLL? No Problem. (CVE-2018-20250)
https://blog.0patch.com/2019/02/no-source-code-for-14-year-old.html

Total Commander offers a download for the fixed version:

Total Commander - Mailing
https://www.ghisler.com/mailing.htm

https://www.totalcommander.ch/win/unacev2_fixed.zip

File name and path:     C:\prg\unacev2_fixed\UNACEV2.DLL
Product Name:           UNACE - freeware ACE extraction component
Internal Name:          UnAceV2.Dll
Original Filename:      UnAceV2.Dll

File Description:       UNACE Dynamic Link Library
Company:                ACE Compression Software
Legal Copyright:        ACE Compression Software, 2000-2019
Legal Trademarks:       ACE Compression Software, 2000-2019
Comments:               

File Version String:    2.6.2.0
File Version:           2.6.2.0
Product Version String: 2.6.2.0
Product Version:        2.6.1.0

This is the version with vulnerability:

File name and path:     C:\totalcmd\UNACEV2.DLL
Product Name:           UNACE - freeware ACE extraction component
Internal Name:          UnAceV2.Dll
Original Filename:      UnAceV2.Dll

File Description:       UNACE Dynamic Link Library
Company:                ACE Compression Software
Legal Copyright:        ACE Compression Software, 2000-2005
Legal Trademarks:       ACE Compression Software, 2000-2005
Comments:               

File Version String:    2.6.0.0
File Version:           2.6.0.0
Product Version String: 2.6.0.0
Product Version:        2.6.0.0
]]>https://vulndetect.org/topic/642/unacev2-dll-app-requestRSS for NodeFri, 06 Mar 2026 15:05:36 GMTSun, 17 Mar 2019 07:18:02 GMT60<![CDATA[Reply to unacev2.dll - App-Request on Sun, 17 Mar 2019 10:44:58 GMT]]>This is a very interesting case indeed.

While VulnDetect has the capability of detecting libraries, then this is beyond the current scope of VulnDetect.

However, due to the fact that this is being actively exploited and I can see that there is a LOT of software, including Avira AntiVir, WinRAR, XnView, PeaZip, Bandizip, SpeedCommander, and tonnes of software I never heard about, that utilizes it and sounds like it could provide attack vectors, I will add it for now.

But do not expect us to support libraries in general, anytime soon.

Later in the week, when the second iteration of our bundling is going live, then I will let the security state of unacev2.dll affect the state of the parent program.

]]>https://vulndetect.org/post/2768https://vulndetect.org/post/2768Sun, 17 Mar 2019 10:44:58 GMT