CVE-2018-20250
Published
CVSS v3
7.8
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
Proof of concept code in C# to exploit the WinRAR ACE file extraction path (CVE-2018-20250).
GitHub