{"containers":{"cna":{"affected":[{"product":"WinRAR","vendor":"Check Point Software Technologies Ltd.","versions":[{"status":"affected","version":"All versions prior and including 5.61"}]}],"datePublic":"2019-02-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-36","description":"CWE-36: Absolute Path Traversal","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2019-04-25T18:06:08.000Z","orgId":"897c38be-0345-43cd-b6cf-fe179e0c4f45","shortName":"checkpoint"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"},{"tags":["x_refsource_MISC"],"url":"https://research.checkpoint.com/extracting-code-execution-from-winrar/"},{"name":"46552","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/46552/"},{"name":"106948","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/106948"},{"tags":["x_refsource_MISC"],"url":"https://www.win-rar.com/whatsnew.html"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"},{"tags":["x_refsource_MISC"],"url":"http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"},{"name":"46756","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/46756/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@checkpoint.com","DATE_PUBLIC":"2019-02-05T00:00:00","ID":"CVE-2018-20250","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"WinRAR","version":{"version_data":[{"version_value":"All versions prior and including 5.61"}]}}]},"vendor_name":"Check Point Software Technologies Ltd."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-36: Absolute Path Traversal"}]}]},"references":{"reference_data":[{"name":"https://github.com/blau72/CVE-2018-20250-WinRAR-ACE","refsource":"MISC","url":"https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"},{"name":"https://research.checkpoint.com/extracting-code-execution-from-winrar/","refsource":"MISC","url":"https://research.checkpoint.com/extracting-code-execution-from-winrar/"},{"name":"46552","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/46552/"},{"name":"106948","refsource":"BID","url":"http://www.securityfocus.com/bid/106948"},{"name":"https://www.win-rar.com/whatsnew.html","refsource":"MISC","url":"https://www.win-rar.com/whatsnew.html"},{"name":"http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"},{"name":"http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace","refsource":"MISC","url":"http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"},{"name":"46756","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/46756/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T11:58:19.126Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://research.checkpoint.com/extracting-code-execution-from-winrar/"},{"name":"46552","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/46552/"},{"name":"106948","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/106948"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.win-rar.com/whatsnew.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"},{"name":"46756","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/46756/"}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2018-20250","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-02-07T13:40:28.345239Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2022-02-15","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250","tags":["government-resource"]}],"timeline":[{"time":"2022-02-15T00:00:00.000Z","lang":"en","value":"CVE-2018-20250 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:45:43.535Z"}}]},"cveMetadata":{"assignerOrgId":"897c38be-0345-43cd-b6cf-fe179e0c4f45","assignerShortName":"checkpoint","cveId":"CVE-2018-20250","datePublished":"2019-02-05T20:00:00.000Z","dateReserved":"2018-12-19T00:00:00.000Z","dateUpdated":"2025-10-21T23:45:43.535Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}