Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCheckpointCVE-2018-20252
HistoryFeb 05, 2019 - 8:29 p.m.

CVE-2018-20252

2019-02-0520:29:00
CWE-787
checkpoint
web.nvd.nist.gov
56
cve
winrar
vulnerability
code execution
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

65.1%

JSON

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected configurations

Nvd
Node
rarlabwinrarRange5.60
VendorProductVersionCPE
rarlabwinrar*cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "WinRAR",
    "vendor": "Check Point Software Technologies Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior and including 5.60"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
prion 1
kaspersky 1
threatpost 1
myhack58 1
nessus 1
nvd
nvd
CVE-2018-20252
2019-02-05 20:29:00
cvelist
cvelist
CVE-2018-20252
2019-02-05 20:00:00
prion
prion
Out-of-bounds
2019-02-05 20:29:00
kaspersky
kaspersky
KLA11427 Multiple ACE vulnerabilities in WinRAR
2019-02-05 00:00:00
threatpost
threatpost
19-Year-Old WinRAR Flaw Plagues 500 Million Users
2019-02-21 15:05:45
myhack58
myhack58
WinRAR aeration elder has a major vulnerability that hackers can be malicious programs implanted in the boot process-vulnerability warning-the black bar safety net
2019-02-22 00:00:00
nessus
nessus
RARLAB WinRAR < 5.70 Beta 1 Multiple Vulnerabilities
2019-02-27 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

65.1%

JSON
Related for CVE-2018-20252
nvd1cvelist1prion1kaspersky1threatpost1myhack581nessus1