Vulnerability Details CVE-2018-20252
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2018-20252
-
cpe:2.3:a:rarlab:winrar:-
-
cpe:2.3:a:rarlab:winrar:4.00
-
cpe:2.3:a:rarlab:winrar:4.01
-
cpe:2.3:a:rarlab:winrar:4.1.0
-
cpe:2.3:a:rarlab:winrar:4.10
-
cpe:2.3:a:rarlab:winrar:4.10.2
-
cpe:2.3:a:rarlab:winrar:4.11
-
cpe:2.3:a:rarlab:winrar:4.20
-
cpe:2.3:a:rarlab:winrar:5.00
-
cpe:2.3:a:rarlab:winrar:5.01
-
cpe:2.3:a:rarlab:winrar:5.10
-
cpe:2.3:a:rarlab:winrar:5.11
-
cpe:2.3:a:rarlab:winrar:5.20
-
cpe:2.3:a:rarlab:winrar:5.21
-
cpe:2.3:a:rarlab:winrar:5.30
-
cpe:2.3:a:rarlab:winrar:5.31
-
cpe:2.3:a:rarlab:winrar:5.40
-
cpe:2.3:a:rarlab:winrar:5.50