CVE-2018-20251
MEDIUMWinRAR <= 5.61 - Path Traversal via ACE Filename Field
Title source: llmDescription
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folders everywhere in the file system.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://research.checkpoint.com/extracting-code-execution-from-winrar/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106948
Release Notes, Vendor Advisory x_refsource_misc
https://www.win-rar.com/whatsnew.html
Scores
CVSS v3
5.5
EPSS
0.3153
EPSS Percentile
98.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
CWE-693
Status
published
Products (1)
rarlab/winrar
< 5.61
Published
Feb 05, 2019
Tracked Since
Feb 18, 2026