RARLAB

WinRAR

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.15%
  • Veröffentlicht 02.04.2024 21:15:50
  • Zuletzt bearbeitet 20.06.2025 18:15:03

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability i...

Warnung Medienbericht Exploit
  • EPSS 97.8%
  • Veröffentlicht 23.08.2023 17:15:43
  • Zuletzt bearbeitet 31.10.2025 14:39:33

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder t...

  • EPSS 23.04%
  • Veröffentlicht 29.03.2023 19:15:21
  • Zuletzt bearbeitet 21.11.2024 07:26:58

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...

Exploit
  • EPSS 4.04%
  • Veröffentlicht 13.02.2019 01:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Exploit
  • EPSS 3.62%
  • Veröffentlicht 05.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Exploit
  • EPSS 31.53%
  • Veröffentlicht 05.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR valid...

Warnung Medienbericht Exploit
  • EPSS 96.27%
  • Veröffentlicht 05.02.2019 20:29:00
  • Zuletzt bearbeitet 31.10.2025 22:07:10

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) fol...

  • EPSS 0.91%
  • Veröffentlicht 30.12.2015 05:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.

  • EPSS 2.27%
  • Veröffentlicht 01.09.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:03:42

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS G...

  • EPSS 5.67%
  • Veröffentlicht 28.07.2006 00:04:00
  • Zuletzt bearbeitet 16.06.2026 22:28:03

Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.