WinRAR ZIP File Handling Filename Spoofing Vulnerability

Added: 04/28/2014
BID: 66383
OSVDB: 62610


WinRAR is a shareware file archiver and data compression utility which runs on Microsoft Windows. It can create archives in ZIP format, as well as its own proprietary RAR format, and unpack a variety of other archive types.


WinRAR 4.x is vulnerable to remote code execution when handling ZIP files. An extracted filename can be spoofed because the filename shown to the user (taken from the ZIP file's central directory) can differ from the filename used when the file is uncompressed to the system (taken from the local file header). A remote attacker who persuades a user to open a specially crafted ZIP file could execute arbitrary code in the context of the vulnerable user.
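The following checker is an added example, not part of the original advisory or of WinRAR: it compares each entry's central directory filename with the filename in its local file header and reports any that differ. It assumes a single-disk, non-ZIP64 archive with no prepended data; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import sys
import zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def find_name_mismatches(data: bytes):
    """Return (central_name, local_name) for every entry whose two names differ.

    Assumes a single-disk, non-ZIP64 archive with no data prepended to it.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("end-of-central-directory record not found")
    # EOCD: total entry count at +10, central directory size at +12, offset at +16
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    mismatches = []
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError(f"bad central directory header at offset {pos}")
        # Central header: name/extra/comment lengths at +28, local header offset at +42
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (lfh,) = struct.unpack_from("<I", data, pos + 42)
        central = data[pos + 46:pos + 46 + name_len]   # name shown in listings
        if data[lfh:lfh + 4] != LFH_SIG:
            raise ValueError(f"bad local file header at offset {lfh}")
        # Local header: name length at +26, name bytes start at +30
        (local_len,) = struct.unpack_from("<H", data, lfh + 26)
        local = data[lfh + 30:lfh + 30 + local_len]     # name stored beside the data
        if central != local:                            # compare raw bytes
            mismatches.append((central.decode("cp437"), local.decode("cp437")))
        pos += 46 + name_len + extra_len + comment_len
    return mismatches

def build_sample() -> bytes:
    """Constructed, well-formed one-entry archive used as demo input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample content")
    return buf.getvalue()

if __name__ == "__main__":
    # Scan the archive named on the command line, or the constructed sample
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample()
    for shown, written in find_name_mismatches(data):
        print(f"MISMATCH: listed as {shown!r}, local header says {written!r}")
    print("scan complete")
```

Any reported mismatch is grounds to quarantine the archive, since a well-formed ZIP carries the same name in both places.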


Upgrade to WinRAR 5.x.



Exploit works on WinRAR 4.20 and 4.11 on Windows Server 2003 R2 and Windows 7.

The user must open the exploit file in a vulnerable version of WinRAR.


