Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-20250

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Published

2019-02-05T20:29:00.243

Last Modified

2025-03-13T17:07:28.570

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-36
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rarlab	winrar	≤ 5.61	Yes

References

http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/106948 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://github.com/blau72/CVE-2018-20250-WinRAR-ACE Exploit, Third Party Advisory ([email protected])
https://research.checkpoint.com/extracting-code-execution-from-winrar/ Exploit, Press/Media Coverage, Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/46552/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.exploit-db.com/exploits/46756/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.win-rar.com/whatsnew.html Release Notes ([email protected])
http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/106948 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/blau72/CVE-2018-20250-WinRAR-ACE Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://research.checkpoint.com/extracting-code-execution-from-winrar/ Exploit, Press/Media Coverage, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46552/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46756/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.win-rar.com/whatsnew.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)