CVE-2018-20253

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to and including 5.60

Description The issue is related to an out-of-bounds write vulnerability that occurs during the parsing of crafted LHA / LZH archive formats. This can lead to arbitrary code execution in the context of the current user. The vulnerability is also associated with the unacev2.dll library and can be exploited by a remote attacker using a specially crafted ACE- or RAR-archive, allowing them to execute arbitrary code.

Recommendations For WinRAR versions prior to and including 5.60, update to a version later than 5.60 to resolve the issue. As a temporary workaround, consider avoiding the use of the unacev2.dll library or restricting the extraction of files from ACE- or RAR-archives until a patch is available.