CVE-2018-20252

Published: Feb 5, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected (1)

Products: Rarlab: Winrar

Rarlab

1 product

Winrar

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rarlab Winrar	Up to 5.60

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

http://www.securityfocus.com/bid/106948

Source: cve@checkpoint.com

Third Party AdvisoryVDB Entry

https://research.checkpoint.com/extracting-code-execution-from-winrar/

Source: cve@checkpoint.com

ExploitThird Party Advisory

https://www.win-rar.com/whatsnew.html

Source: cve@checkpoint.com

Release NotesVendor Advisory

http://www.securityfocus.com/bid/106948

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://research.checkpoint.com/extracting-code-execution-from-winrar/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.win-rar.com/whatsnew.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.