CVE-2024-30370Protection Mechanism Failure in Winrar

CWE-693Protection Mechanism Failure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 34.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Rarlab Winrar
Timeline
PublishedApr 2

Description

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5rarlab/winrar7.00 beta 4 (64-bit)
NVDrarlab/winrar7.00

🔴Vulnerability Details

2
CVEList
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability2024-04-02
GHSA
GHSA-w74v-5f39-6xgq: RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability2024-04-02
CVE-2024-30370 — Protection Mechanism Failure in Winrar | cvebase