In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HRarlab Winrar
APPRarlab≤ 5.61
CISA KEV — szczegółyi
- Dostawcai
- RARLAB
- Produkti
- WinRAR
- Data dodania do KEVi
- 15 lutego 2022
- Termin remediation (USA)i
- 15 sierpnia 2022(po terminie)
- Ransomwarei
- Aktywne kampanie ransomware używają tej podatności
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Luka WinRAR Absolute Path Traversal prowadzi do Remote Code Execution
▸ Pokaż oryginał (EN)
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
Powiązane podatności
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitra...
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attack...
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign fil...
RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, ...
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vul...