File-execution Vulnerability in WinRAR Affects Local Users
CVE-2015-5663

7.4HIGH

Key Information:

Vendor
Rarlab
Status
Winrar
Vendor
CVE Published:
30 December 2015

Summary

The file-execution feature in WinRAR versions prior to 5.30 beta 5 is susceptible to exploitation by local users. An attacker can design a Trojan horse file that mimics an extensionless filename, which may be inadvertently executed by a user. This vulnerability can lead to unauthorized privilege escalation, allowing the attacker to execute arbitrary commands with the user's permissions. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/79666
vdb-entryx_refsource_BID
http://jvn.jp/en/jp/JVN64636058/index.html
third-party-advisoryx_refsource_JVN
http://www.securitytracker.com/id/1034881
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.