CVE-2018-20252
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
En WinRAR, en versiones anteriores la 5.60 (inclusive), hay una vulnerabilidad de escritura fuera de límites durante el análisis de formatos de archivo ACE y RAR manipulados. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-19 CVE Reserved
- 2019-02-05 CVE Published
- 2024-06-28 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/106948 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://research.checkpoint.com/extracting-code-execution-from-winrar | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.win-rar.com/whatsnew.html | 2019-10-09 |