PT-2019-1469 · Rarlab+1 · Winrar
Goodbyeselene
Published: 2019-02-05 · Updated: 2019-10-09
CVE-2018-20251
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
WinRAR versions prior to and including 5.61
Description
The issue is related to a path traversal vulnerability in the UNACE module (UNACEV2.dll) of WinRAR. When extracting ACE archives, the filename field is not properly checked, allowing an attacker to create empty files and folders anywhere in the file system. This occurs because the validation function, which checks for disallowed filenames, is called before extraction, but the check of its return value is made too late, after the creation of files and folders. As a result, the extraction operation is cancelled only after the folders and files were created, but before they are written. This vulnerability can be exploited by a remote attacker to place malicious files outside the extraction directory using a specially crafted ACE archive.
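The ordering flaw described above can be modelled in a few lines. This is an added example, not code from UNACEV2.dll or WinRAR: the function names, the simplified name check and the sample entries are all hypothetical, and everything runs inside a temporary sandbox directory.

```python
import os
import tempfile

# Constructed sample: (entry name, data) pairs standing in for archive members.
ENTRIES = [("docs/readme.txt", b"hello"), ("../escaped.txt", b"data")]

def is_safe_name(name):
    """Reject absolute paths, drive prefixes and '..' components."""
    parts = name.replace("\\", "/").split("/")
    if name[:1] in ("/", "\\") or name[1:2] == ":":
        return False
    return ".." not in parts

def create_empty(dest, name):
    """Create parent folders and an empty file; return the file's path."""
    path = os.path.join(dest, *name.replace("\\", "/").split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "wb").close()
    return path

def extract_late_check(dest, entries):
    """Ordering from the description: the verdict is read after creation."""
    for name, data in entries:
        ok = is_safe_name(name)          # validation runs first ...
        path = create_empty(dest, name)  # ... but creation does not wait for it
        if not ok:
            return False                 # cancelled before any data is written
        with open(path, "wb") as fh:
            fh.write(data)
    return True

def extract_checked(dest, entries):
    """Corrected ordering: every name is vetted before any side effect."""
    if not all(is_safe_name(name) for name, _ in entries):
        return False
    for name, data in entries:
        with open(create_empty(dest, name), "wb") as fh:
            fh.write(data)
    return True

def escaped_size(extractor):
    """Run extractor in a throwaway sandbox; size of the stray file, or None."""
    with tempfile.TemporaryDirectory() as sandbox:
        dest = os.path.join(sandbox, "out")
        os.mkdir(dest)
        extractor(dest, ENTRIES)
        stray = os.path.join(sandbox, "escaped.txt")
        return os.path.getsize(stray) if os.path.exists(stray) else None
```

With the late check the stray file exists but is empty, matching the "created but not written" behaviour in the description; with the early check nothing is created at all.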
Recommendations
For WinRAR versions prior to and including 5.61, consider disabling the UNACEV2.dll module until a patch is available to prevent the exploitation of this vulnerability. Restrict access to the UNACE module to minimize the risk of exploitation. Avoid using WinRAR to extract ACE archives from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Protection Mechanism Failure
Path traversal
Related Identifiers
Affected Products
Winrar