EUVD-2018-12815

Malware in sbrugna...

RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework TODO: add other non-payload files class MetasploitModule 'RARLAB WinRAR ACE Format Input Validation Remote Code Execution', 'Description' = %q In WinRAR versions prior t...

RARLAB WinRAR ACE Format Input Validation Remote Code Execution Exploit

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format in UNACEV2.dll. When the filename field is manipulated with specific patterns, the destination extraction folder is ignored, thus treating the filename as an...

RARLAB WinRAR ACE Format Input Validation Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework TODO: add other non-payload files class MetasploitModule 'RARLAB WinRAR ACE Format Input Validation Remote Code Execution', 'Description' = %q In WinRAR versions prior t...

RARLAB WinRAR ACE Format Input Validation Remote Code Execution

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format in UNACEV2.dll. When the filename field is manipulated with specific patterns, the destination extraction folder is ignored, thus treating the filename as an...

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers

It's not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last...

Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular...

Path traversal

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module UNACEV2.dll creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd t...

CVE-2018-20251

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module UNACEV2.dll creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd t...

CVE-2018-20251

CVE-2018-20251 refers to a path-traversal in WinRAR’s ACE handling via unacev2.dll. Affected: WinRAR up to and including 5.61 (and related advisories noting ACE parsing support). The UNACEV2.dll creates files/folders as written in the ACE filename field even after the validator detects traversal ...

CVE-2018-20250

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format in UNACEV2.dll. When the filename field is manipulated with specific patterns, the destination extraction folder is ignored, thus treating the filename as an...

CVE-2018-20250

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format in UNACEV2.dll. When the filename field is manipulated with specific patterns, the destination extraction folder is ignored, thus treating the filename as an...

CVE-2018-20250

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format in UNACEV2.dll. When the filename field is manipulated with specific patterns, the destination extraction folder is ignored, thus treating the filename as an...

avast! Antivirus ACE File Handling Buffer Overflow (CVE-2005-2385)

avast! antivirus is a product line consisting of several antivirus scanners for both desktop and server systems. The avast! scanner products are capable of on-access and on-demand scanning. The product line is also capable of scanning inside archived files. It supports numerous archive formats, o...

HAURI Anti-Virus ACE Archive Handling Buffer Overflow (CVE-2005-2720)

HAURI anti-virus is a product line consisting of several antivirus scanners for both desktop and server systems. The product line is capable of scanning inside archived files. It supports numerous archive formats, one of which is the widely used ACE compression format. A buffer overflow...