Privilege escalation in WinRAR - CVE-2018-20250
Published: February 11, 2019 / Updated: November 20, 2020
Vulnerability identifier: #VU17468
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2018-20250
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: RARLAB
Affected software:
WinRAR
WinRAR
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges.
The vulnerability exists due to a logical bug. A local attacker can craft the filename field of the ACE format, cause the destination folder (extraction folder) to be ignored, and the relative path in the filename field to become an absolute Path, extract a file to an arbitrary location and execute arbitrary code with elevated privileges.
How to mitigate CVE-2018-20250
Update to version 5.70 Beta 1.