4 matches found
RARLAB WinRAR < 5.70 Beta 1 Multiple Vulnerabilities
The version of RARLAB WinRAR installed on the remote Windows host is prior to 5.70 Beta 1. It is, therefore, affected by the following vulnerabilities : - An error exists in the file 'unacev2.dll' related to the 'filename' field, that allows a specially crafted ACE archive to overwrite files...
19-Year-Old WinRAR Flaw Plagues 500 Million Users
Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users. The path-traversal vulnerability, which WinRAR fixed in January, could allow bad actors to remotely execute malicious code on...
CVE-2018-20251
CVE-2018-20251 refers to a path-traversal in WinRAR’s ACE handling via unacev2.dll. Affected: WinRAR up to and including 5.61 (and related advisories noting ACE parsing support). The UNACEV2.dll creates files/folders as written in the ACE filename field even after the validator detects traversal ...
KLA11427 Multiple ACE vulnerabilities in WinRAR
Multiple vulnerabilities were found in WinRAR. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A logical issue can be exploited locally via specially crafted filename of the ACE archive to...