HTTP: RARLAB WinRAR ACE Remote Code Execution

This signature detects attempts to exploit a known vulnerability against RARLAB WinRAR. Successful exploitation of the vulnerability could lead to execution of arbitrary code in the security context of the user.

Extended Description

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Affected Products

Rarlab winrar

Short Name
HTTP:STC:CVE-2018-20250-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
ACE CVE-2018-20250 Code Execution RARLAB Remote WinRAR bid:106948
Release Date
02/25/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Rarlab

CVSS Score

6.8
