Vulnerability Database
299,751
Total vulnerabilities in the database
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
| Software | From | Fixed in |
|---|---|---|
| rarlab / winrar | - | 5.61.x |
- http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html
- http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace
- http://www.securityfocus.com/bid/106948
- https://github.com/blau72/CVE-2018-20250-WinRAR-ACE
- https://research.checkpoint.com/extracting-code-execution-from-winrar/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250
- https://www.exploit-db.com/exploits/46552/
- https://www.exploit-db.com/exploits/46756/
- https://www.win-rar.com/whatsnew.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime