CVE-2018-20250
Published: 2019-02-05
Priority: P1, 93, high; CVSS 3.1 base score 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Tags: CISA KEV, exploited in the wild (ITW), ransomware, initial access
CISA Known Exploited Vulnerability, remediation due 2022-08-15
EPSS: 96.27% (99.9th percentile)
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| check_point_software_technologies_ltd | winrar | — | — |
| rarlab | winrar | <= 5.61 | — |
Detection & IOCs (extracted from sources)
Snort SIDs: 49289 - 49292
- CVE-2018-20250 exploits the ACE archive format via a crafted filename field in UNACEV2.dll to perform absolute path traversal, dropping malicious files directly into the Windows Startup folder for persistence without user interaction.
- Monitor for regsvr32.exe making outbound network connections, which is used in the chained CVE-2017-11882 + CVE-2018-20250 attack to download the next-stage payload (123.sct).
- The backdoor malware connects to http://icanhazip.com to retrieve the victim's external IP address prior to C2 beaconing; monitor for non-browser processes making HTTP requests to icanhazip.com.
- The first in-the-wild CVE-2018-20250 exploit delivered a backdoor generated by Metasploit Framework (MSF) written to the global startup folder; the backdoor phoned home to 138.204.171.108:443.
- The Chinese-targeted campaign's conf.exe is infected by the Sality file infector; when executed, both the backdoor payload and the Sality infector shellcode run simultaneously, so scan files dropped from ACE archives for Sality signatures.
- The watering-hole delivery script checks for a Windows OS cookie before serving the exploit; monitor injected JavaScript on compromised sites that checks cookie data for OS fingerprinting prior to delivering ACE exploit archives.
- The C2 beacon check against www.360.cn/status/getsign.asp always fails during testing, meaning this C2 pre-check mechanism appears non-functional in observed samples and should not be relied upon as a definitive indicator of active C2 communication.
- The UNACEV2.dll library exploited by CVE-2018-20250 had not been updated since 2005; WinRAR's mitigation was to drop ACE archive support entirely in version 5.70 Beta 1 rather than patch the DLL.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| VulnCheck | — | 7.8 | HIGH | — |
| CISA | — | 7.8 | HIGH | — |
CISA
WinRAR Absolute Path Traversal Vulnerability
cisa·2022-02-15·CVSS 7.8
CVE-2018-20250 [HIGH] CWE-36
Affected: RARLAB WinRAR
Description: WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-20250
Remediation Due Date: 2022-08-15
GHSA
GHSA-7v9q-j964-43qc: In WinRAR versions prior to and including 5
ghsa_unreviewed·2022-05-13
CVE-2018-20250 [HIGH] CWE-22
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
VulnCheck
WinRAR Absolute Path Traversal Vulnerability
vulncheck·2018·CVSS 7.8
CVE-2018-20250 [HIGH] CWE-36
Description: WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
Affected: RARLAB WinRAR
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://cert.gov.ua/article/2695; https://ti.qianxin.com/blog/articles/apt-c-27-%28goldmouse%29:-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/; https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage; https://web.archive.org/web/20220227045141/https://risksense.com/wp-content/uploads/2019/09/RiskSense-Spotlight-Report-Ransomware.pdf; https://www.csk.gov.in/alerts/STOP_ransomware.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https
Suricata
ET EXPLOIT WinRAR WinAce Containing CVE-2018-20250 Inbound - Path Traversal leading to RCE
suricata·2019-05-01·CVSS 7.8
CVE-2018-20250 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT WinRAR WinAce Containing CVE-2018-20250 Inbound - Path Traversal leading to RCE"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"**ACE**"; offset:7; depth:7; fast_pattern; content:"|00|"; distance:0; pcre:"/^(?:(\S\:\\){2,}|\S\:\\\S\:\S\:|S\:\\\\\\([0-9]{1,3}\.){3}[0-9]{1,3}|\S\:\\\\\\([a-z0-9\-]{1,30}\.){1,8}[a-z]{1,8})/R"; classtype:attempted-admin; sid:2027310; rev:5; metadata:created_at 2019_05_01, cve CVE_2018_20250, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag WinRAR, tag ACE, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 20
YARA
CVE_2018_20250
yara·CVSS 7.8
CVE-2018-20250 [HIGH]
```yara
rule CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP
{
    meta:
        description = "Generic rule for hostile ACE archive using CVE-2018-20250"
        author = "[email protected]"
        date = "2019-03-17"
        reference = "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
        // May only the challenge guide you
    strings:
        $string1 = "**ACE**" ascii wide
        $string2 = "*UNREGISTERED VERSION*" ascii wide
        // $hexstring1 = C:\C:\
        $hexstring1 = {?? 3A 5C ?? 3A 5C}
        // $hexstring2 = C:\C:C:..
        $hexstring2 = {?? 3A 5C ?? 3A ?? 3A 2E}
    condition:
        $string1 at 7 and $string2 at 31 and 1 of ($hexstring*)
}
```
Exploit-DB
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
exploitdb·2019-04-25
CVE-2018-20250
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
#
# TODO: add other non-payload files
class MetasploitModule 'RARLAB WinRAR ACE Format Input Validation Remote Code Execution',
      'Description' => %q{
        In WinRAR versions prior to and including 5.61, there is path traversal vulnerability
        when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename
        field is manipulated with specific patterns, the destination (extraction) folder is
        ignored, thus treating the filename as an absolute path. This module will attempt to
        extract a payload to the startup folder of the current user. It is limited such
```
Exploit-DB
WinRAR 5.61 - Path Traversal
exploitdb·2019-02-22
CVE-2018-20250
```python
#!/usr/bin/env python3
import os
import re
import zlib
import binascii

# The archive filename you want
rar_filename = "test.rar"
# The evil file you want to run
evil_filename = "calc.exe"
# The decompression path you want, such as shown below
target_filename = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hi.exe"
# Other files to be displayed when the victim opens the winrar
# filename_list=[]
filename_list = ["hello.txt", "world.txt"]


class AceCRC32:
    def __init__(self, buf=b''):
        self.__state = 0
        if len(buf) > 0:
            self += buf

    def __iadd__(self, buf):
        self.__state = zlib.crc32(buf, self.__state)
        return self

    def __eq__(self, other):
        return self.sum == other

    def __format__(self, format_spec):
        return self.sum.__format__(format_sp
```
Metasploit
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
metasploit
CVE-2018-20250
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). A user restart is required to gain a shell.
Wiz
What is APT33? | Wiz
blogs_wiz·2026-02-06
## Who is APT33?
APT33 is an Iranian state-sponsored advanced persistent threat (APT) group that has been conducting cyber espionage operations since at least 2013. The group is distinct from other Iranian actors due to its specific focus on aerospace and energy sectors, aiming to steal intellectual property that directly benefits Iran's domestic industries. Security researchers assess that APT33 likely operates in support of Iran's Islamic Revolutionary Guard Corps (IRGC), based on targeting patterns that align with national military priorities. This assessment reflects moderate-to-high confidence attribution derived from operational timing, victim selection, and tooling overlap with other Iranian clusters.
## Attribution and aliases
Security vendors often track the same threat actors
Talos
What the continued escalation of tensions in the Middle East means for security
blogs_talos·2020-01-08
Cisco Talos works with many organizations around the world, monitoring and protecting against sophisticated threats every day. As such, we are watching the current state of events in the Middle East very closely for our customers and partners who may be impacted by the ongoing situation. We are continuing to evaluate potential threats and attack vectors, especially related to critical infrastructure and high-profile businesses and industries.
A challenge with protecting against state-sponsored campaigns is that the primary and ideal targets are potentially already compromised, either by a specific adversary or their allies who would be amenable to acting on their behalf. In previous research, Talos has observed footholds like this that can go undetected for extended periods, waiting to be
Qualys
Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking | Qualys
blogs_qualys·2019-12-27·CVSS 8.8
[HIGH]
A recent report identified 19+ vulnerabilities that should be mitigated by end of year 2019. These are a range of top vulnerabilities attacked and leveraged by Advanced Persistent Threat (APT) actors from all parts of the world.
The list below shows those top 19 vulnerabilities, and it should be no surprise that you can easily track and remediate them via a dashboard within Qualys. Import the dashboard into your subscription for easy insight into what assets and vulnerabilities in your organization are at risk.
| No. | CVE | Products Affected by CVE | CVSS Score (NVD) | Examples of Threat Actors |
|---|---|---|---|---|
| 1 | CVE-2017-11882 | Microsoft Office | 7.8 | APT32 (Vietnam), APT34 (Iran), APT40 (China), APT-C-35 (India), Cobalt Group (Spain, Ukraine), Silent Group (Russia), Lotus Blossom (China), FIN7 (Russia) |
| 2 | CVE-2018- | | | |
Fortinet
Tricky Chinese-Targeted Trojan Bypasses Authentication
blogs_fortinet·2019-08-07
CVE-2018-20250
FORTIGUARD LABS THREAT RESEARCH
By Yueh-Ting Chen | August 07, 2019
A FortiGuard Labs Threat Analysis Report
Introduction
FortiGuard Labs uncovered a new campaign targeted at Chinese-speakers using malware that bypasses normal authentication by exploiting known WinRAR file (cve-2018-20250) and RTF file (cve-2017-11882) vulnerabilities. This attack uses a watering hole attack strategy to target Chinese-speaking users by delivering malware through a hacked Chinese news site. Based on our analysis, the campaign also appears to be experimental because it uses so many different techniques and tools to target this end user community.
We first discovered this backdoor malware campaign in 2017, and over the years it has continued to upgra
Securelist
IT threat evolution Q1 2019
blogs_securelist·2019-05-23
Table of Contents
- Targeted attacks and malware campaigns
- Other malware news
Authors
- David Emm
## Targeted attacks and malware campaigns
### Go Zebrocy
Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor’s past behaviour, we predicted last year that Zebrocy would continue to innovate in its malware development. The group has developed using Delphi, AutoIT, .NET, C# and PowerShell. Since May 2018, Zebrocy has added the “Go” language to its arsenal – the first time that we have observed a well-known APT threat actor deploy malware with this compiled open-source language.
Zebrocy continues to target governm
Securelist
IT threat evolution Q1 2019. Statistics
blogs_securelist·2019-05-23
Table of Contents
- Quarterly figures
- Mobile threats
- Attacks on Apple macOS
- IoT attacks
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals
- Attacks via web resources
- Local threats
Authors
- Victor Chebyshev
- Fedor Sinitsyn
- Denis Parinov
- Boris Larin
- Oleg Kupreev
- Evgeny Lopatin
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network,
- Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries across the globe.
- 113,640,221 unique URLs were recognized as malicious by Web Anti-Virus components.
- Attempted infections by malware designed t
Fortinet
Predator the Thief: New Routes of Delivery
blogs_fortinet·2019-04-18·CVSS 7.8
[HIGH]
FORTIGUARD LABS THREAT RESEARCH
By Yueh-Ting Chen and Evgeny Ananin | April 18, 2019
A FortiGuard Labs Threat Analysis Paper
Introduction
In March 2019, FortiGuard Labs discovered a running campaign against Russian-speakers using a new version of “Predator the Thief” stealer malware. The same actor was using one set of dummy files to deliver the stealer via different forms of phishing, including Zipped files, fake documents, fake pdfs, and the WinRAR exploit described in CVE-2018-20250.
In this article, we observe the way the author sells this malware on hacking and game cheating forums, as well as how it is maintained and updated. After that, we look at the malware code and examine the traps it contains. Finally, we show how a malware custom
Tenable
WinRAR Absolute Path Traversal Vulnerability Leads to Remote Code Execution (CVE-2018-20250)
blogs_tenable·2019-02-25·CVSS 7.8
CVE-2018-20250 [HIGH]
Satnam Narang
February 25, 2019
A 19-year-old vulnerability in WinRAR’s ACE file format support (CVE-2018-20250) has been identified as part of an attack in the wild.
### Background
On February 20, researchers at Check Point Research (CPR) published a blog detailing their discovery of multiple vulnerabilities within a library used by WinRAR, a popular file compression tool, to extract ACE archives. When exploited, these vulnerabilities can lead to remote code execution. An exploit script was published to Github one day after CPR’s blog post. The 360 Threat Intelligence Center (TIC) has reportedly identified an in-the-wild sample that attemp
Checkpoint
Extracting a 19 Year Old Code Execution from WinRAR
blogs_checkpoint·2019-02-20
CVE-2018-20250
Research by: Nadav Grossman
## Introduction
In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer
Threat Intel
APT33 (APT33, HOLMIUM, Elfin)
threat_intel
# Threat Actor Profile: APT33
ATT&CK ID: G0064
Also known as: APT33, HOLMIUM, Elfin, Peach Sandstorm
Suspected origin: Iran
## Overview
APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.(Citation: FireEye APT33 Sept 2017)(Citation: FireEye APT33 Webinar Sept 2017)
## Techniques (TTPs)
### Resource Development
- T1588.002 Tool
Usage: APT33 has obtained and leveraged publicly-available tools for early intrusion activities.(Citation: FireEye APT33 Guardrail)(Citation: Symantec Elfin Mar 2019)
### Initial Access
- T1566.001 Spearphishing Attachment
Usage: APT33 has sent
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
arxiv_fulltext·2025-02-12
Almuthanna Alageel and Sergio Maffeis
Department of Computing, Imperial College London, London, United Kingdom
## Abstract
The scarcity of data and the high complexity of Advanced Persistent Threats (APTs) attacks have created challenges in comprehending their behavior and hindered the exploration of effective detection techniques.
To create an effective APT detection strategy, it is important to examine the Tactics, Techniques, and Procedures (TTPs) that have been reported by the industry. These TTPs can be difficult to classify as either malicious or legitimate. When developing an approach for the next generation of network intrusion detection systems (NIDS), it is necessary to
Bugzilla
URI Handler Command Injection Vulnerability [iDefense V-bsk2ottbf1]
bugzilla·2019-08-09
[MEDIUM]
Created attachment 9084402
PoC html file
The following email received from [email protected]
-------- Forwarded Message --------
Subject: Fwd: iDefense Vendor Notification - [V-bsk2ottbf1]
Date: Fri, 9 Aug 2019 17:51:29 +0000
From: Vendor Disclosure
To: [email protected]
CC: Vendor Disclosure
Please find the attached report and PoC for this issue.
Thanks,
Rohit Mothe
iDefense Labs
-------- Forwarded Message --------
Subject: iDefense Vendor Notification - [V-bsk2ottbf1]
Date: Fri, 9 Aug 2019 17:48:58 +0000
From: [email protected]
Reply-To: [email protected]
To: [email protected]
iDefense has identified a vulnerability. This vulnerability was submitted to iDefense through
References
- http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html
- http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace
- http://www.securityfocus.com/bid/106948
- https://github.com/blau72/CVE-2018-20250-WinRAR-ACE
- https://research.checkpoint.com/extracting-code-execution-from-winrar/
- https://www.exploit-db.com/exploits/46552/
- https://www.exploit-db.com/exploits/46756/
- https://www.win-rar.com/whatsnew.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250
Timeline
- 2019-02-05: Published
- 2022-02-15: Added to CISA KEV
- Exploited in the wild