KLA11427Multiple ACE vulnerabilities in WinRAR

2019-02-05T00:00:00
ID KLA11427
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-06-18T00:00:00

Description

Detect date:

02/05/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in WinRAR. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

Affected products:

WinRAR 5.x earlier than 5.70

Solution:

Update to the latest version
WinRAR and RAR archiver downloads

Original advisories:

Extracting a 19 Year Old Code Execution from WinRAR
Security Week 09

Impacts:

ACE

Related products:

WinRAR

CVE-IDS:

CVE-2018-202507.8Critical
CVE-2018-202515.5High
CVE-2018-202527.8Critical
CVE-2018-202537.8Critical

Exploitation:

The following public exploits exists for this vulnerability: