Lucene search
CheckpointCVELIST:CVE-2018-20251HistoryFeb 05, 2019 - 12:00 a.m.
CVE-2018-20251
2019-02-0500:00:00
CWE-693
checkpoint
www.cve.org
1
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folders everywhere in the file system.
CNA Affected
[
{
"product": "WinRAR",
"vendor": "Check Point Software Technologies Ltd.",
"versions": [
{
"status": "affected",
"version": "All versions prior and including 5.61"
}
]
}
]Related
nvd
nvd
CVE-2018-20251
2019-02-05 20:29:00
cve
cve
CVE-2018-20251
2019-02-05 20:29:00
prion
prion
Path traversal
2019-02-05 20:29:00
myhack58
myhack58
threatpost
threatpost
19-Year-Old WinRAR Flaw Plagues 500 Million Users
2019-02-21 15:05:45
nessus
nessus
RARLAB WinRAR < 5.70 Beta 1 Multiple Vulnerabilities
2019-02-27 00:00:00
kaspersky
kaspersky
KLA11427 Multiple ACE vulnerabilities in WinRAR
2019-02-05 00:00:00