Check Point Software Technologies Ltd. CWE-693

http://www.securityfocus.com/bid/106948 Third Party Advisory

http://www.securityfocus.com/bid/106948 Third Party Advisory, VDB Entry

https://research.checkpoint.com/extracting-code-execution-from-winrar/ No Types Assigned

https://research.checkpoint.com/extracting-code-execution-from-winrar/ Exploit, Third Party Advisory

A validation function (in WinRAR code) is being called before extraction of ACE archives. The validation function inspects the filename field for each compressed file in the ACE archive. In case the filename is disallow by the validator function (for example, the filename contains path traversal patterns) The extraction operation should be aborted and no file or folder should be extracted. However, the check of the return value from the validator function made too late (in UNACEV2.dll), after th

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folde

https://research.checkpoint.com/extracting-code-execution-from-winrar/ [No Types Assigned]

OR
     *cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* versions up to (including) 5.61

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Victim must voluntarily interact with attack mechanism

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-22

http://www.securityfocus.com/bid/106948 No Types Assigned

http://www.securityfocus.com/bid/106948 Third Party Advisory

https://www.win-rar.com/whatsnew.html No Types Assigned

https://www.win-rar.com/whatsnew.html Release Notes, Vendor Advisory

http://www.securityfocus.com/bid/106948 [No Types Assigned]