RARLAB

WinRAR

27 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.65%
  • Published 13.02.2019 01:29:00
  • Last modified 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Warning Media report Exploit
  • EPSS 93.41%
  • Published 05.02.2019 20:29:00
  • Last modified 13.03.2025 17:07:28

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) fol...

Exploit
  • EPSS 0.78%
  • Published 05.02.2019 20:29:00
  • Last modified 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Exploit
  • EPSS 1.01%
  • Published 05.02.2019 20:29:00
  • Last modified 21.11.2024 04:01:10

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR valid...

  • EPSS 0.08%
  • Published 30.12.2015 05:59:00
  • Last modified 12.04.2025 10:46:40

The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.

  • EPSS 1.13%
  • Published 01.09.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS G...

  • EPSS 1%
  • Published 28.07.2006 00:04:00
  • Last modified 03.04.2025 01:03:51

Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.

Exploit
  • EPSS 5.58%
  • Published 25.07.2006 23:04:00
  • Last modified 03.04.2025 01:03:51

Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in an LHA archive.

Exploit
  • EPSS 0.2%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have ...

  • EPSS 0.72%
  • Published 22.12.2005 01:03:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code ...