Vulnerability identifier: #VU17468

Vulnerability risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-20250

CWE-ID: CWE-264

Exploitation vector: Local

Exploits in database: 7

• June 3, 2020
  • CVE-2018-20250-WinRAR (这资源是作者复现微软签字证书漏洞CVE-2020-0601，结合相关资源及文章实现。推荐大家结合作者博客，复现了该漏洞和理解恶意软件自启动劫持原理。作为网络安全初学者，自己确实很菜，但希望坚持下去，一起加油！) [Github]
• May 18, 2020
  • CPR-Zero: CVE-2018-20250 [CPR CheckPoint]
• March 18, 2020
  • CVE-2018-20250-WinRAR-ACE (Proof of concept code in C# to exploit the WinRAR ACE file extraction path (CVE-2018-20250).) [Github]
  • ezwinrar (Python tool exploiting CVE-2018-20250 found by CheckPoint folks) [Github]
  • WinRar_ACE_exploit_CVE-2018-20250 (This program is an script developed in Python which exploit the ACE vulnerability on WinRar - Vulnerability CVE-2018-20250) [Github]
  • CVE-2018-20250-WINRAR-ACE-GUI (CVE-2018-20250-WINRAR-ACE Exploit with a UI) [Github]
  • RARLAB WinRAR ACE Format Input Validation Remote Code Execution [Metasploit]

Impact: Code execution

Vulnerable software:
WinRAR
Client/Desktop applications / Software for archiving

Vendor: RARLAB