Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WinRAR < 5.00 Filename Spoofing RCE
Vulnerability Description
A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
WinRAR 安全漏洞
Vulnerability Description
WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞,该漏洞源于ZIP文件中文件名显示不一致,可能导致文件名欺骗和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A