In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
[
{
"product": "WinRAR",
"vendor": "Check Point Software Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions prior and including 5.61"
}
]
}
]
packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html
www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace
www.securityfocus.com/bid/106948
github.com/blau72/CVE-2018-20250-WinRAR-ACE
research.checkpoint.com/extracting-code-execution-from-winrar/
www.exploit-db.com/exploits/46552/
www.exploit-db.com/exploits/46756/
www.win-rar.com/whatsnew.html