RARLAB

WinRAR

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-8088

Warning Media report
  • EPSS 4.19%
  • Published 08.08.2025 11:11:41
  • Last modified 16.09.2025 13:53:26

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Koši...

8.4

CVE-2014-125119

  • EPSS 0.28%
  • Published 25.07.2025 16:15:26
  • Last modified 29.07.2025 14:14:55

A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name fro...

7.8

CVE-2025-6218

Media report
  • EPSS 0.49%
  • Published 21.06.2025 00:09:02
  • Last modified 25.06.2025 19:03:33

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that...

6.8

CVE-2025-31334

Media report
  • EPSS 0.22%
  • Published 03.04.2025 06:15:42
  • Last modified 01.07.2025 15:10:55

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the...

7.5

CVE-2024-36052

  • EPSS 0.12%
  • Published 21.05.2024 17:15:09
  • Last modified 21.11.2024 09:21:31

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.

7.8

CVE-2023-40477

  • EPSS 92.95%
  • Published 03.05.2024 03:15:20
  • Last modified 20.06.2025 18:13:59

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exp...

7.1

CVE-2024-33899

  • EPSS 1.03%
  • Published 29.04.2024 00:15:07
  • Last modified 21.11.2024 09:17:41

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

4.3

CVE-2024-30370

  • EPSS 0.62%
  • Published 02.04.2024 21:15:50
  • Last modified 20.06.2025 18:15:03

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability i...

7.8

CVE-2023-38831

Warning Media report Exploit
  • EPSS 93.8%
  • Published 23.08.2023 17:15:43
  • Last modified 20.12.2024 17:50:59

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder t...

7.1

CVE-2022-43650

  • EPSS 1.24%
  • Published 29.03.2023 19:15:21
  • Last modified 21.11.2024 07:26:58

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...