RARLAB

WinRAR

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2023-38831

Warnung Medienbericht Exploit
  • EPSS 93.95%
  • Veröffentlicht 23.08.2023 17:15:43
  • Zuletzt bearbeitet 31.10.2025 14:39:33

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder t...

7.1

CVE-2022-43650

  • EPSS 1.85%
  • Veröffentlicht 29.03.2023 19:15:21
  • Zuletzt bearbeitet 21.11.2024 07:26:58

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...

7.8

CVE-2018-20253

Exploit
  • EPSS 0.73%
  • Veröffentlicht 13.02.2019 01:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

5.5

CVE-2018-20251

Exploit
  • EPSS 0.55%
  • Veröffentlicht 05.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR valid...

7.8

CVE-2018-20252

Exploit
  • EPSS 0.73%
  • Veröffentlicht 05.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

7.8

CVE-2018-20250

Warnung Medienbericht Exploit
  • EPSS 93.46%
  • Veröffentlicht 05.02.2019 20:29:00
  • Zuletzt bearbeitet 31.10.2025 22:07:10

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) fol...

7.4

CVE-2015-5663

  • EPSS 0.08%
  • Veröffentlicht 30.12.2015 05:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.

10

CVE-2008-7144

  • EPSS 1.09%
  • Veröffentlicht 01.09.2009 16:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS G...

2.1

CVE-2006-3912

  • EPSS 0.91%
  • Veröffentlicht 28.07.2006 00:04:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.

9.3

CVE-2006-3845

Exploit
  • EPSS 5.58%
  • Veröffentlicht 25.07.2006 23:04:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.