CVE-2018-20252

EPSS 0.73% · P73 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-20252

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存写

Source: NVD (National Vulnerability Database)

Vulnerability Title

WinRAR 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WinRAR是一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRar ACE和RAR中存在越界写入漏洞。远程攻击者可借助特制的ACE和RAR归档格式文件利用该漏洞在当前的用户上下文中执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Check Point Software Technologies Ltd.	WinRAR	All versions prior and including 5.60	-

II. Public POCs for CVE-2018-20252

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-20252

请登录查看更多情报信息。

https://research.checkpoint.com/extracting-code-execution-from-winrar/x_refsource_MISC
http://www.securityfocus.com/bid/106948vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2018-20252

Same Patch Batch · Check Point Software Technologies Ltd. · 2019-02-05 · 13 CVEs total

CVE-2018-20250		WinRar 路径遍历漏洞
CVE-2018-20251		WinRAR 路径遍历漏洞
CVE-2018-8791		rdesktop 缓冲区错误漏洞
CVE-2018-8792		rdesktop 缓冲区错误漏洞
CVE-2018-8793		rdesktop 缓冲区错误漏洞
CVE-2018-8794		rdesktop 输入验证错误漏洞
CVE-2018-8795		rdesktop 输入验证错误漏洞
CVE-2018-8796		rdesktop 缓冲区错误漏洞
CVE-2018-8797		rdesktop 缓冲区错误漏洞
CVE-2018-8798		rdesktop 缓冲区错误漏洞
CVE-2018-8799		rdesktop 缓冲区错误漏洞
CVE-2018-8800		rdesktop 缓冲区错误漏洞

IV. Related Vulnerabilities

Same product: WinRAR

Same vendor: Check Point Software Technologies Ltd.

Same weakness: CWE-787

V. Comments for CVE-2018-20252

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-20252

I. Basic Information for CVE-2018-20252

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-20252

III. Intelligence Information for CVE-2018-20252

Same Patch Batch · Check Point Software Technologies Ltd. · 2019-02-05 · 13 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-20252

Leave a comment