Sign-up

ID

VAR-201510-0773


TITLE

WinRAR SFX Remote Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-06786

DESCRIPTION

WinRAR is a very popular compression / decompression tool. WInRAR SFX v5.21, the Text and Icon function of the Text to display in SFX window module has a remote code execution security vulnerability. A remote attacker exploits this vulnerability with a compressed package with a malicious payload, which can successfully execute specific system code to crack the system, network or device.

Trust: 0.6

sources: CNVD: CNVD-2015-06786

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06786

AFFECTED PRODUCTS

vendor:winrarmodel:winrarscope:eqversion:5.21

Trust: 0.6

sources: CNVD: CNVD-2015-06786

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-06786
value: HIGH

Trust: 0.6

CNVD: CNVD-2015-06786
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-06786

EXTERNAL IDS

db:CNVDid:CNVD-2015-06786

Trust: 0.6

sources: CNVD: CNVD-2015-06786

REFERENCES

url:http://seclists.org/fulldisclosure/2015/sep/106

Trust: 0.6

sources: CNVD: CNVD-2015-06786

SOURCES

db:CNVDid:CNVD-2015-06786

LAST UPDATE DATE

2022-05-04T10:19:45.242000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-06786date:2015-10-22T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2015-06786date:2015-10-22T00:00:00