漏洞标题
RARLAB WinRAR 标记网络漏洞绕过
漏洞描述信息
RARLAB WinRAR的Mark-Of-The-Web绕过漏洞。此漏洞允许远程攻击者绕过受影响的RARLAB WinRAR安装的Mark-Of-The-Web保护机制。利用此漏洞需要用户交互,目标必须在恶意页面上执行特定操作。
具体漏洞存在于存档提取功能中。一个精心制作的存档条目可以在没有Mark-Of-The-Web的情况下创建任意文件。攻击者可以利用此漏洞与其他漏洞结合,以当前用户的上下文执行任意代码。该漏洞被标识为ZDI-CAN-23156。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
漏洞描述信息
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.
The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156.
CVSS信息
N/A
漏洞类别
保护机制失效
漏洞标题
RARLAB WinRAR 安全漏洞
漏洞描述信息
WinRAR是一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 RARLAB WinRAR 存在安全漏洞,该漏洞源于 WinRAR 的 Mark-Of-The-Web 保护机制可以被绕过。攻击者利用该漏洞可以在当前用户的环境中执行任意代码。
CVSS信息
N/A
漏洞类别
其他