CVE-2018-20251
Published: 2019-02-05
Priority: P3 | 41 | medium | 5.5 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:H / A:N
EPSS: 31.53% (98.1th percentile)
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when the WinRAR validator has noticed the traversal attempt and requested that the extraction process be aborted. The operation is cancelled only after the folders and files have been created but before they are written to, which allows the attacker to create empty files and folders anywhere in the file system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| check_point_software_technologies_ltd | winrar | — | — |
| rarlab | winrar | <= 5.61 | — |
CVSS provenance
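| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |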
No detection rules found.
No public exploits indexed.
Tenable
WinRAR Absolute Path Traversal Vulnerability Leads to Remote Code Execution (CVE-2018-20250)
blogs_tenable·2019-02-25·CVSS 7.8
[HIGH] WinRAR Absolute Path Traversal Vulnerability Leads to Remote Code Execution (CVE-2018-20250)
# WinRAR Absolute Path Traversal Vulnerability Leads to Remote Code Execution (CVE-2018-20250)
Satnam Narang
February 25, 2019
A 19-year-old vulnerability in WinRAR’s ACE file format support (CVE-2018-20250) has been identified as part of an attack in the wild.
### Background
On February 20, researchers at Check Point Research (CPR) published a blog detailing their discovery of multiple vulnerabilities within a library used by WinRAR, a popular file compression tool, to extract ACE archives. When exploited, these vulnerabilities can lead to remote code execution. An exploit script was published to GitHub one day after CPR’s blog post. The 360 Threat Intelligence Center (TIC) has reportedly identified an in-the-wild sample that attemp
Checkpoint
Extracting a 19 Year Old Code Execution from WinRAR
blogs_checkpoint·2019-02-20
CVE-2018-20250 Extracting a 19 Year Old Code Execution from WinRAR
## Extracting a 19 Year Old Code Execution from WinRAR
Research by: Nadav Grossman
## Introduction
In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer