SB2019020507 - Multiple vulnerabilities in WinRAR




Published: February 5, 2019 Updated: February 21, 2019

Security Bulletin ID: SB2019020507
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-20250)

The vulnerability allows a local attacker to gain elevated privileges.

The vulnerability exists due to a logical bug. A local attacker can craft the filename field of an ACE archive so that the destination folder (extraction folder) is ignored and the relative path in the filename field is treated as an absolute path, and thereby extract a file to an arbitrary location and execute arbitrary code with elevated privileges.


2) Privilege escalation (CVE-ID: CVE-2018-20251)

The vulnerability allows a local attacker to gain elevated privileges.

The vulnerability exists because of how the result of a validation function is handled. The function (in WinRAR code) inspects the filename field of each compressed file in the ACE archive and is called before ACE archives are extracted. If it disallows a filename, the extraction operation should be aborted and no file or folder should be extracted. However, the return value of the validator function is checked too late (in UNACEV2.dll), after files and folders have already been created. A local attacker can supply a filename that the validator function disallows (for example, a filename containing path traversal patterns) and gain elevated privileges.
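
An added example (not code from WinRAR, UNACEV2.dll or this bulletin) of the two controls whose absence items 1 and 2 describe: a member name must never override the extraction folder, and validation of every name must finish before any file or folder is created. The function names, the destination path and the sample archive listings are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS

class UnsafeMemberName(ValueError):
    """An archive member name that would land outside the destination."""

def resolve_member(dest, name):
    """Return the normalised target of `name` under `dest`, or raise."""
    name = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # A drive letter, UNC prefix or leading separator makes join() drop dest.
    if drive or rest.startswith("\\"):
        raise UnsafeMemberName(f"absolute path: {name!r}")
    # Any other colon is a drive or alternate-data-stream marker on Windows.
    if ":" in name:
        raise UnsafeMemberName(f"colon in name: {name!r}")
    root = ntpath.normpath(dest)
    target = ntpath.normpath(ntpath.join(root, name))
    # After ".." is collapsed the target must still sit strictly below root.
    inside = ntpath.commonpath([root, target]).lower() == root.lower()
    if not inside or target.lower() == root.lower():
        raise UnsafeMemberName(f"escapes destination: {name!r}")
    return target

def extract(dest, members, write):
    """Call write(path, data) only after every member name has validated."""
    plan = [(resolve_member(dest, n), d) for n, d in members.items()]
    for path, data in plan:
        write(path, data)
    return [path for path, _ in plan]

# Constructed sample listings, not taken from any real archive.
DEST = "C:\\Users\\alice\\Downloads\\out"
GOOD = {"docs\\readme.txt": b"hi", "img/logo.png": b"\x89PNG"}
BAD = {"docs\\readme.txt": b"hi", "..\\..\\outside.txt": b"x"}

if __name__ == "__main__":
    written = []
    print(extract(DEST, GOOD, lambda p, d: written.append(p)))
    try:
        extract(DEST, BAD, lambda p, d: written.append(p))
    except UnsafeMemberName as exc:
        print("rejected before any write:", exc, "| writes so far:", len(written))
```

Because the whole listing is resolved into a plan first, one disallowed name aborts the operation with nothing written, including the valid members that precede it.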


3) Out-of-bounds write (CVE-ID: CVE-2018-20252)

The vulnerability allows a local attacker to gain elevated privileges.

The vulnerability exists due to an out-of-bounds write during parsing of crafted ACE and RAR archive formats. A local attacker can supply specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.


4) Out-of-bounds write (CVE-ID: CVE-2018-20253)

The vulnerability allows a local attacker to gain elevated privileges.

The vulnerability exists due to an out-of-bounds write during parsing of crafted LHA / LZH archive formats. A local attacker can supply specially crafted input, trigger memory corruption and execute arbitrary code with elevated privileges.


Remediation

Install the update from the vendor's website.