Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
Vulnerability Description
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156.
CVSS Information
N/A
Vulnerability Type
保护机制失效
Vulnerability Title
RARLAB WinRAR 安全漏洞
Vulnerability Description
WinRAR是一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 RARLAB WinRAR 存在安全漏洞,该漏洞源于 WinRAR 的 Mark-Of-The-Web 保护机制可以被绕过。攻击者利用该漏洞可以在当前用户的环境中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A