CVE-2018-20250
KEV
WinRAR Absolute Path Traversal Vulnerability
7.8 High
Published:
Last updated:
Source: cve@checkpoint.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Description
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, and the filename is treated as an absolute path.
Exploits
46756 | 2019-04-25 | local | Windows
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
By Metasploit
References
- http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html (cve@checkpoint.com)
- http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace (cve@checkpoint.com)
- http://www.securityfocus.com/bid/106948 (cve@checkpoint.com)
- https://github.com/blau72/CVE-2018-20250-WinRAR-ACE (cve@checkpoint.com)
- https://research.checkpoint.com/extracting-code-execution-from-winrar/ (cve@checkpoint.com)
- https://www.exploit-db.com/exploits/46552/ (cve@checkpoint.com)
- https://www.exploit-db.com/exploits/46756/ (cve@checkpoint.com)
- https://www.win-rar.com/whatsnew.html (cve@checkpoint.com)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250 (134c704f-9b21-4f2e-91b3-4a467353bcc0)