| | Status in 4.20 | |----------------|---------------------| | ACE path traversal (CVE-2018-20250) | Not present — ACE format was already deprecated. | | DLL hijacking via winrar_theme.rar | Not yet documented; became prominent in later versions. | | Password-protected header weakness | Still used weaker PBKDF2 iteration count (default 262k) vs modern 1M+. | | UNACEV2.DLL risk | WinRAR had already dropped ACE support before 4.20 (since v4.00). |
A reliable time capsule of early-2010s PC software — just don’t connect it to the internet. Would you like a complementary exploit-db style vulnerability note for this version, or a migration guide to WinRAR 6.x? winrar 4.20 -32-bit-