CVEブラウザに戻る

CVE-2018-20250

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score33.7130%

EPSS Percentile87.83th

Published2019年2月5日

Last Modified2025年10月31日

Vulnerability Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Affected Platforms (CPE)

📦

Rarlab

Winrar

<= 5.61

References & Advisories

🔗 http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html

🔗 http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace

🔗 http://www.securityfocus.com/bid/106948

🔗 https://github.com/blau72/CVE-2018-20250-WinRAR-ACE

🔗 https://research.checkpoint.com/extracting-code-execution-from-winrar/

🔗 https://www.exploit-db.com/exploits/46552/

🔗 https://www.exploit-db.com/exploits/46756/

🔗 https://www.win-rar.com/whatsnew.html

関連する脆弱性情報

CVE-2004-125410.0

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file wit...

CVE-2008-714410.0

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) AC...

CVE-2006-38459.3

Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a ...

CVE-2018-202537.8

In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZ...