FILE-OTHER WinRAR ACE remote code execution attempt
This event is generated when an ACE archive that exploits the vulnerability outlined in CVE-2018-20250 is detected.
Remote Code Execution
CVE-2018-20250:
CVSS base score 7.8
CVSS impact score 5.9
CVSS exploitability score 1.8
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
CVE-2018-20250: By crafting the filename field of the ACE format, the destination folder (extraction folder) is ignored, and the relative path in the filename field becomes an absolute Path. This logical bug, allows the extraction of a file to an arbitrary location which is effectively code execution.
CVE-2018-20250:
Access Vector
Access Complexity
Authentication
©2020 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
