CVE CVE-2018-20250 Mappings

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2018-20250 WinRAR uncategorized T1203 Exploitation for Client Execution
CVE-2018-20250 WinRAR uncategorized T1204.002 Malicious File