CVE-2023-38831 – RARLAB WinRAR Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023. WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive. RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. • https://github.com/b1tg/CVE-2023-38831-winrar-exploit https://github.com/ignis-sec/CVE-2023-38831-RaRCE https://github.com/Malwareman007/CVE-2023-38831 https://github.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC https://github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc https://github.com/xaitax/WinRAR-CVE-2023-38831 https://github.com/z3r0sw0rd/CVE-2023-38831-PoC https://github.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit https://github.com/Mich-ele • CWE-351: Insufficient Type Distinction •
CVE-2018-20253
https://notcve.org/view.php?id=CVE-2018-20253
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. En WinRAR, en versiones anteriores a la 5.60 (inclusive), hay una vulnerabilidad de escritura fuera de límites durante el análisis de formatos de archivo LHA/LZH manipulados. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • https://research.checkpoint.com/extracting-code-execution-from-winrar https://www.win-rar.com/whatsnew.html • CWE-787: Out-of-bounds Write •
CVE-2018-20250 – WinRAR Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. En WinRAR, en versiones anteriores a la 5.61, hay una vulnerabilidad de salto de directorio al manipular el campo "filename" del formato ACE (en UNACEV2.dll). Cuando este campo se manipula con patrones específicos, la carpeta de destino (extracción) se ignora, tratando el nombre de archivo como ruta absoluta. WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution • https://www.exploit-db.com/exploits/46756 https://www.exploit-db.com/exploits/46552 https://github.com/WyAtu/CVE-2018-20250 https://github.com/QAX-A-Team/CVE-2018-20250 https://github.com/easis/CVE-2018-20250-WinRAR-ACE https://github.com/STP5940/CVE-2018-20250 https://github.com/arkangel-dev/CVE-2018-20250-WINRAR-ACE-GUI https://github.com/nmweizi/CVE-2018-20250-poc-winrar https://github.com/blunden/UNACEV2.DLL-CVE-2018-20250 https://github.com/zeronohacker/C • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVE-2018-20251
https://notcve.org/view.php?id=CVE-2018-20251
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folders everywhere in the file system. En WinRAR, en versiones anteriores e incluyendo a la 5.61, hay una vulnerabilidad de salto de directorio al manipular el campo "filename" del formato ACE. El módulo UNACE (UNACEV2.dll) crea archivos y carpetas tal y como están escritos en el campo "filename", incluso cuando el validador de WinRAR descubría el intento de salto y solicitaba abortar el proceso de extracción. La operación se cancelaba solo tras crear las carpetas y archivos, pero antes de que se escribiesen, permitiendo así que el atacante cree archivos y carpetas vacíos en cualquier lugar del sistema de archivos. • http://www.securityfocus.com/bid/106948 https://research.checkpoint.com/extracting-code-execution-from-winrar https://www.win-rar.com/whatsnew.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-693: Protection Mechanism Failure •
CVE-2018-20252
https://notcve.org/view.php?id=CVE-2018-20252
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. En WinRAR, en versiones anteriores la 5.60 (inclusive), hay una vulnerabilidad de escritura fuera de límites durante el análisis de formatos de archivo ACE y RAR manipulados. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • http://www.securityfocus.com/bid/106948 https://research.checkpoint.com/extracting-code-execution-from-winrar https://www.win-rar.com/whatsnew.html • CWE-787: Out-of-bounds Write •