Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2018-20250
PUBLISHED
- Vendor: Check Point Software Technologies Ltd.
- Product: WinRAR
- Published: Feb 05, 2019
- EPSS: —
Description
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:N/AC:M/Au:N/C:P/I:P/A:P
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: total
References
- https://github.com/blau72/CVE-2018-20250-WinRAR-ACE
- https://research.checkpoint.com/extracting-code-execution-from-winrar/
- https://www.exploit-db.com/exploits/46552/
- http://www.securityfocus.com/bid/106948
- https://www.win-rar.com/whatsnew.html
- http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html
- http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace
- https://www.exploit-db.com/exploits/46756/
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Feb 15, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/winrar_ace.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-04-26 01:18:45 UTC · 0 stars
github · Created 2023-12-26 11:01:32 UTC · 0 stars
github · Created 2022-03-25 13:02:41 UTC · 0 stars
github · Created 2020-02-17 15:08:22 UTC · 1 stars
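This resource is the author's reproduction of the Microsoft signing certificate vulnerability CVE-2020-0601, implemented with the help of related resources and articles. Readers are encouraged to use it together with the author's blog, which reproduces the vulnerability and explains how malware hijacks auto-start. As a network security beginner I am still very much a novice, but I hope to keep at it. Let's keep going together!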
github · Created 2019-05-16 20:21:50 UTC · 0 stars
This program is a script developed in Python which exploits the ACE vulnerability on WinRar - Vulnerability CVE-2018-20250
github · Created 2019-04-25 02:30:50 UTC · 0 stars
github · Created 2019-03-19 14:51:52 UTC · 0 stars
Tool to check whether a payload has a malicious component according to CVE-2018-20250
github · Created 2019-03-11 07:33:45 UTC · 0 stars
github · Created 2019-03-08 12:27:12 UTC · 7 stars
CVE-2018-20250-WINRAR-ACE Exploit with a UI
github · Created 2019-02-28 17:07:52 UTC · 2 stars
github · Created 2019-02-23 01:20:34 UTC · 21 stars
Proof of concept code in C# to exploit the WinRAR ACE file extraction path (CVE-2018-20250).
github · Created 2019-02-22 14:19:20 UTC · 0 stars
A version of the binary patched to address CVE-2018-20250
github · Created 2019-02-22 13:18:14 UTC · 0 stars
github · Created 2019-02-22 06:47:01 UTC · 25 stars
010 Editor template for ACE archive format & CVE-2018-2025[0-3]
github · Created 2019-02-22 04:52:08 UTC · 489 stars
exp for https://research.checkpoint.com/extracting-code-execution-from-winrar
Timeline
- CVE ID Reserved
- CVE Published to Public
- Exploit Used in Malware
- Added to KEVIntel
- Detected by Metasploit