← Back

CVE-2024-36052

nvd nist
Published: May 21, 2024Modified: Jun 20, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.

Affected (1)

Products: Rarlab: Winrar
Rarlab
1 product
Winrar
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Winrar
Before 7.00
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes

Timeline

No history available yet.