Vulnerability-Lookup

CVE-2018-20252 (GCVE-0-2018-20252)

Vulnerability from cvelistv5 – Published: 2019-02-05 20:00 – Updated: 2024-09-16 18:24

Summary

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Severity

No CVSS data available.

CWE

CWE-787 - Out-of-bounds Write

Assigner

checkpoint

References

3 references

URL	Tags
https://research.checkpoint.com/extracting-code-e…	x_refsource_MISC
http://www.securityfocus.com/bid/106948	vdb-entryx_refsource_BID
https://www.win-rar.com/whatsnew.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Check Point Software Technologies Ltd.	WinRAR	Affected: All versions prior and including 5.60

Date Public

2019-02-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:58:19.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
          },
          {
            "name": "106948",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106948"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.win-rar.com/whatsnew.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WinRAR",
          "vendor": "Check Point Software Technologies Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior and including 5.60"
            }
          ]
        }
      ],
      "datePublic": "2019-02-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-14T17:57:01.000Z",
        "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "shortName": "checkpoint"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
        },
        {
          "name": "106948",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106948"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.win-rar.com/whatsnew.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "DATE_PUBLIC": "2019-02-05T00:00:00",
          "ID": "CVE-2018-20252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WinRAR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior and including 5.60"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Check Point Software Technologies Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787: Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
              "refsource": "MISC",
              "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
            },
            {
              "name": "106948",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106948"
            },
            {
              "name": "https://www.win-rar.com/whatsnew.html",
              "refsource": "MISC",
              "url": "https://www.win-rar.com/whatsnew.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
    "assignerShortName": "checkpoint",
    "cveId": "CVE-2018-20252",
    "datePublished": "2019-02-05T20:00:00.000Z",
    "dateReserved": "2018-12-19T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:24:07.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-20252",
      "date": "2026-05-29",
      "epss": "0.00729",
      "percentile": "0.72959"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.60\", \"matchCriteriaId\": \"1BE78CF2-EF53-4E6E-AA07-57438305ED20\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.\"}, {\"lang\": \"es\", \"value\": \"En WinRAR, en versiones anteriores la 5.60 (inclusive), hay una vulnerabilidad de escritura fuera de l\\u00edmites durante el an\\u00e1lisis de formatos de archivo ACE y RAR manipulados. Su explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir la ejecuci\\u00f3n arbitraria de c\\u00f3digo en el contexto del usuario actual.\"}]",
      "id": "CVE-2018-20252",
      "lastModified": "2024-11-21T04:01:10.453",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-02-05T20:29:00.320",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106948\", \"source\": \"cve@checkpoint.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://research.checkpoint.com/extracting-code-execution-from-winrar/\", \"source\": \"cve@checkpoint.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.win-rar.com/whatsnew.html\", \"source\": \"cve@checkpoint.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://research.checkpoint.com/extracting-code-execution-from-winrar/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.win-rar.com/whatsnew.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@checkpoint.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve@checkpoint.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-20252\",\"sourceIdentifier\":\"cve@checkpoint.com\",\"published\":\"2019-02-05T20:29:00.320\",\"lastModified\":\"2024-11-21T04:01:10.453\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.\"},{\"lang\":\"es\",\"value\":\"En WinRAR, en versiones anteriores la 5.60 (inclusive), hay una vulnerabilidad de escritura fuera de l\u00edmites durante el an\u00e1lisis de formatos de archivo ACE y RAR manipulados. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir la ejecuci\u00f3n arbitraria de c\u00f3digo en el contexto del usuario actual.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cve@checkpoint.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.60\",\"matchCriteriaId\":\"1BE78CF2-EF53-4E6E-AA07-57438305ED20\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106948\",\"source\":\"cve@checkpoint.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://research.checkpoint.com/extracting-code-execution-from-winrar/\",\"source\":\"cve@checkpoint.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.win-rar.com/whatsnew.html\",\"source\":\"cve@checkpoint.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://research.checkpoint.com/extracting-code-execution-from-winrar/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.win-rar.com/whatsnew.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

BDU:2019-00862

Vulnerability from fstec - Published: 20.02.2019

Title

Уязвимость архиватора файлов WinRAR, связанная с записью за границами буфера в памяти при извлечении файлов, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость библиотеки unacev2.dll файлового архиватора WinRAR связана с записью за границами буфера в памяти при извлечении файлов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью специально сформированного LZH- или LHA-архива

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

WinRAR GmbH

Software Name

WinRAR

Software Version

до 5.70 Beta 1 (WinRAR)

Possible Mitigations

Обновление до версии 5.70 Beta 1

Reference

https://research.checkpoint.com/extracting-code-execution-from-winrar/ https://xakep.ru/2019/02/21/winrar-bug/ https://www.securitylab.ru/news/498047.php https://www.win-rar.com/whatsnew.html

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "WinRAR GmbH",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.70 Beta 1 (WinRAR)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.70 Beta 1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.02.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.03.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00862",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-20252",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "WinRAR",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 WinRAR, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 unacev2.dll \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0433\u043e \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430 WinRAR \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e  LZH- \u0438\u043b\u0438 LHA-\u0430\u0440\u0445\u0438\u0432\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://research.checkpoint.com/extracting-code-execution-from-winrar/\nhttps://xakep.ru/2019/02/21/winrar-bug/\nhttps://www.securitylab.ru/news/498047.php\nhttps://www.win-rar.com/whatsnew.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2019-04913

Vulnerability from cnvd - Published: 2019-02-22

Title

WinRAR ACE/RAR任意代码执行漏洞

Description

WinRAR是一款压缩包管理器，作为档案工具RAR在 Windows环境下的图形界面，可用于备份数据、压缩文件、解压RAR/ZIP等格式的文件、创建 RAR/ZIP 等格式的压缩文件，得到了较为广泛的应用。 WinRAR ACE/RAR存在任意代码执行漏洞，攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

WinRAR ACE/RAR任意代码执行漏洞的补丁

Patch Description

WinRAR是一款压缩包管理器，作为档案工具RAR在 Windows环境下的图形界面，可用于备份数据、压缩文件、解压RAR/ZIP等格式的文件、创建 RAR/ZIP 等格式的压缩文件，得到了较为广泛的应用。 WinRAR ACE/RAR存在任意代码执行漏洞，攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

WinRAR厂商已发布新版本修复此漏洞，建议立即升级至最新版本： https://www.win-rar.com/download.html

Impacted products

Name
WinRAR WinRAR <5.70 Beta 1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-20252"
    }
  },
  "description": "WinRAR\u662f\u4e00\u6b3e\u538b\u7f29\u5305\u7ba1\u7406\u5668\uff0c\u4f5c\u4e3a\u6863\u6848\u5de5\u5177RAR\u5728 Windows\u73af\u5883\u4e0b\u7684\u56fe\u5f62\u754c\u9762\uff0c\u53ef\u7528\u4e8e\u5907\u4efd\u6570\u636e\u3001\u538b\u7f29\u6587\u4ef6\u3001\u89e3\u538bRAR/ZIP\u7b49\u683c\u5f0f\u7684\u6587\u4ef6\u3001\u521b\u5efa RAR/ZIP \u7b49\u683c\u5f0f\u7684\u538b\u7f29\u6587\u4ef6\uff0c\u5f97\u5230\u4e86\u8f83\u4e3a\u5e7f\u6cdb\u7684\u5e94\u7528\u3002\n\nWinRAR ACE/RAR\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Check Point",
  "formalWay": "WinRAR\u5382\u5546\u5df2\u53d1\u5e03\u65b0\u7248\u672c\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7acb\u5373\u5347\u7ea7\u81f3\u6700\u65b0\u7248\u672c\uff1a\r\nhttps://www.win-rar.com/download.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-04913",
  "openTime": "2019-02-22",
  "patchDescription": "WinRAR\u662f\u4e00\u6b3e\u538b\u7f29\u5305\u7ba1\u7406\u5668\uff0c\u4f5c\u4e3a\u6863\u6848\u5de5\u5177RAR\u5728 Windows\u73af\u5883\u4e0b\u7684\u56fe\u5f62\u754c\u9762\uff0c\u53ef\u7528\u4e8e\u5907\u4efd\u6570\u636e\u3001\u538b\u7f29\u6587\u4ef6\u3001\u89e3\u538bRAR/ZIP\u7b49\u683c\u5f0f\u7684\u6587\u4ef6\u3001\u521b\u5efa RAR/ZIP \u7b49\u683c\u5f0f\u7684\u538b\u7f29\u6587\u4ef6\uff0c\u5f97\u5230\u4e86\u8f83\u4e3a\u5e7f\u6cdb\u7684\u5e94\u7528\u3002\r\n\r\nWinRAR ACE/RAR\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WinRAR ACE/RAR\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WinRAR WinRAR \u003c5.70 Beta 1"
  },
  "serverity": "\u9ad8",
  "submitTime": "2019-02-21",
  "title": "WinRAR ACE/RAR\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2018-20252

Vulnerability from fkie_nvd - Published: 2019-02-05 20:29 - Updated: 2024-11-21 04:01

Severity

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@checkpoint.com	http://www.securityfocus.com/bid/106948	Third Party Advisory, VDB Entry
cve@checkpoint.com	https://research.checkpoint.com/extracting-code-execution-from-winrar/	Exploit, Third Party Advisory
cve@checkpoint.com	https://www.win-rar.com/whatsnew.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106948	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://research.checkpoint.com/extracting-code-execution-from-winrar/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.win-rar.com/whatsnew.html	Release Notes, Vendor Advisory

Impacted products

	Vendor	Product	Version
	rarlab	winrar	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE78CF2-EF53-4E6E-AA07-57438305ED20",
              "versionEndIncluding": "5.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
    },
    {
      "lang": "es",
      "value": "En WinRAR, en versiones anteriores la 5.60 (inclusive), hay una vulnerabilidad de escritura fuera de l\u00edmites durante el an\u00e1lisis de formatos de archivo ACE y RAR manipulados. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir la ejecuci\u00f3n arbitraria de c\u00f3digo en el contexto del usuario actual."
    }
  ],
  "id": "CVE-2018-20252",
  "lastModified": "2024-11-21T04:01:10.453",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-05T20:29:00.320",
  "references": [
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106948"
    },
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
    },
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.win-rar.com/whatsnew.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.win-rar.com/whatsnew.html"
    }
  ],
  "sourceIdentifier": "cve@checkpoint.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "cve@checkpoint.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3935-5WQM-4J94

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-20252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-05T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-3935-5wqm-4j94",
  "modified": "2022-05-13T01:32:24Z",
  "published": "2022-05-13T01:32:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20252"
    },
    {
      "type": "WEB",
      "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar"
    },
    {
      "type": "WEB",
      "url": "https://www.win-rar.com/whatsnew.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106948"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-20252

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-20252

Aliases

CVE-2018-20252

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-20252",
    "description": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
    "id": "GSD-2018-20252"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-20252"
      ],
      "details": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
      "id": "GSD-2018-20252",
      "modified": "2023-12-13T01:22:29.617792Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@checkpoint.com",
        "DATE_PUBLIC": "2019-02-05T00:00:00",
        "ID": "CVE-2018-20252",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WinRAR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions prior and including 5.60"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Check Point Software Technologies Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-787: Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
            "refsource": "MISC",
            "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
          },
          {
            "name": "106948",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106948"
          },
          {
            "name": "https://www.win-rar.com/whatsnew.html",
            "refsource": "MISC",
            "url": "https://www.win-rar.com/whatsnew.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.60",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "ID": "CVE-2018-20252"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.win-rar.com/whatsnew.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.win-rar.com/whatsnew.html"
            },
            {
              "name": "106948",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106948"
            },
            {
              "name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:39Z",
      "publishedDate": "2019-02-05T20:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-20252 (GCVE-0-2018-20252)

BDU:2019-00862

CNVD-2019-04913

FKIE_CVE-2018-20252

GHSA-3935-5WQM-4J94

GSD-2018-20252

Tags

Sightings

Nomenclature