CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20250

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.932

EPSS Ranking 99.8%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

Proposed Action

WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution

Ransomware Campaign

Known

References

Products affected by CVE-2018-20250

Rarlab » Winrar » Version: N/A

cpe:2.3:a:rarlab:winrar:-
Rarlab » Winrar » Version: 4.00

cpe:2.3:a:rarlab:winrar:4.00
Rarlab » Winrar » Version: 4.01

cpe:2.3:a:rarlab:winrar:4.01
Rarlab » Winrar » Version: 4.1.0

cpe:2.3:a:rarlab:winrar:4.1.0
Rarlab » Winrar » Version: 4.10

cpe:2.3:a:rarlab:winrar:4.10
Rarlab » Winrar » Version: 4.10.2

cpe:2.3:a:rarlab:winrar:4.10.2
Rarlab » Winrar » Version: 4.11

cpe:2.3:a:rarlab:winrar:4.11
Rarlab » Winrar » Version: 4.20

cpe:2.3:a:rarlab:winrar:4.20
Rarlab » Winrar » Version: 5.00

cpe:2.3:a:rarlab:winrar:5.00
Rarlab » Winrar » Version: 5.01

cpe:2.3:a:rarlab:winrar:5.01
Rarlab » Winrar » Version: 5.10

cpe:2.3:a:rarlab:winrar:5.10
Rarlab » Winrar » Version: 5.11

cpe:2.3:a:rarlab:winrar:5.11
Rarlab » Winrar » Version: 5.20

cpe:2.3:a:rarlab:winrar:5.20
Rarlab » Winrar » Version: 5.21

cpe:2.3:a:rarlab:winrar:5.21
Rarlab » Winrar » Version: 5.30

cpe:2.3:a:rarlab:winrar:5.30
Rarlab » Winrar » Version: 5.31

cpe:2.3:a:rarlab:winrar:5.31
Rarlab » Winrar » Version: 5.40

cpe:2.3:a:rarlab:winrar:5.40
Rarlab » Winrar » Version: 5.50

cpe:2.3:a:rarlab:winrar:5.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20250

Products

Pricing

Contact Us