CyberSec.Space Logo
Back to CVE Browser

CVE-2018-20252

HIGH
7.8
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile18.61th
PublishedFeb 5, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Platforms (CPE)

πŸ“¦
Rarlab

Winrar

<= 5.60

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106948
πŸ”— https://research.checkpoint.com/extracting-code-execution-from-winrar/
πŸ”— https://www.win-rar.com/whatsnew.html
πŸ”— http://www.securityfocus.com/bid/106948
πŸ”— https://research.checkpoint.com/extracting-code-execution-from-winrar/
πŸ”— https://www.win-rar.com/whatsnew.html

Related Vulnerabilities

CVE-2004-125410.0

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file wit...

CVE-2008-714410.0

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) AC...

CVE-2006-38459.3

Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a ...

CVE-2018-202537.8

In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZ...