jvndb-2015-000199
Vulnerability from jvndb
Published
2015-12-17 15:19
Modified
2016-01-07 15:36
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
WinRAR may insecurely load executable files
Details
WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file. WinRAR also contains a function where registry settings can be saved and registry settings can be recovered from files. If the folder displayed on screen contains an executable file, such as REGEDIT.BAT, when attempting to save or recover registry settings, REGEDIT.BAT is executed instead of the Windows registry editor (regedit.exe).
References
JVN https://jvn.jp/en/jp/JVN64636058/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5663
NVD https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5663
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
RARLABWinRAR
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000199.html",
  "dc:date": "2016-01-07T15:36+09:00",
  "dcterms:issued": "2015-12-17T15:19+09:00",
  "dcterms:modified": "2016-01-07T15:36+09:00",
  "description": "WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file.\r\n\r\nWinRAR also contains a function where registry settings can be saved and registry settings can be recovered from files. If the folder displayed on screen contains an executable file, such as REGEDIT.BAT, when attempting to save or recover registry settings, REGEDIT.BAT is executed instead of the Windows registry editor (regedit.exe).",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000199.html",
  "sec:cpe": {
    "#text": "cpe:/a:rarlab:winrar",
    "@product": "WinRAR",
    "@vendor": "RARLAB",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2015-000199",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN64636058/index.html",
      "@id": "JVN#64636058",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5663",
      "@id": "CVE-2015-5663",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5663",
      "@id": "CVE-2015-5663",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "WinRAR may insecurely load executable files"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.