返回 CVE 瀏覽器

CVE-2018-20250

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score33.7130%

EPSS Percentile87.83th

Published2019年2月5日

Last Modified2025年10月31日

Vulnerability Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Affected Platforms (CPE)

📦

Rarlab

Winrar

<= 5.61

References & Advisories

🔗 http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html

🔗 http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace

🔗 http://www.securityfocus.com/bid/106948

🔗 https://github.com/blau72/CVE-2018-20250-WinRAR-ACE

🔗 https://research.checkpoint.com/extracting-code-execution-from-winrar/

🔗 https://www.exploit-db.com/exploits/46552/

🔗 https://www.exploit-db.com/exploits/46756/

🔗 https://www.win-rar.com/whatsnew.html

相關漏洞威脅

CVE-2004-125410.0

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file wit...

CVE-2008-714410.0

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) AC...

CVE-2006-38459.3

Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a ...

CVE-2018-202537.8

In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZ...