[CVE-2018-20250] WinRAR Absolute Path Traversal Vulnerability

NVD 상세 정보

설명: In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

CWE: CWE-36 | CWE-22

참조

• http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html [Exploit, Third Party Advisory, VDB Entry]
• http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace [Third Party Advisory]
• http://www.securityfocus.com/bid/106948 [Broken Link, Third Party Advisory, VDB Entry]
• https://github.com/blau72/CVE-2018-20250-WinRAR-ACE [Exploit, Third Party Advisory]
• https://research.checkpoint.com/extracting-code-execution-from-winrar/ [Exploit, Press/Media Coverage, Third Party Advisory]
• https://www.exploit-db.com/exploits/46552/ [Exploit, Third Party Advisory, VDB Entry]
• https://www.exploit-db.com/exploits/46756/ [Exploit, Third Party Advisory, VDB Entry]
• https://www.win-rar.com/whatsnew.html [Release Notes]
• http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html [Exploit, Third Party Advisory, VDB Entry]
• http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace [Third Party Advisory]
• http://www.securityfocus.com/bid/106948 [Broken Link, Third Party Advisory, VDB Entry]
• https://github.com/blau72/CVE-2018-20250-WinRAR-ACE [Exploit, Third Party Advisory]
• https://research.checkpoint.com/extracting-code-execution-from-winrar/ [Exploit, Press/Media Coverage, Third Party Advisory]
• https://www.exploit-db.com/exploits/46552/ [Exploit, Third Party Advisory, VDB Entry]
• https://www.exploit-db.com/exploits/46756/ [Exploit, Third Party Advisory, VDB Entry]
• ... 외 2건