CVE-2018-20252

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to and including 5.60

Description The issue is related to an out-of-bounds write vulnerability in the unacev2.dll library of the WinRAR file archiver when extracting files. This can be exploited by a remote attacker using a specially crafted LZH- or LHA-archive, potentially allowing for arbitrary code execution in the context of the current user. The vulnerability is also triggered during the parsing of crafted ACE and RAR archive formats.

Recommendations For WinRAR versions prior to and including 5.60, update to a version later than 5.60 to resolve the issue. As a temporary workaround, consider avoiding the use of the unacev2.dll library when extracting files from potentially untrusted sources. Restrict access to the vulnerable library to minimize the risk of exploitation.