漏洞类别:Local
漏洞等级: 
漏洞信息
WinRAR is a shareware file archiver and compressor utility for Windows. It can create archives in RAR or ZIP file formats and unpack numerous archive file formats.
The file-execution functionality in WinRAR allows local users to escalate privileges via a Trojan horse file with a name similar to an extensionless filename.
Affected Versions:
WinRAR prior to 5.30 Beta 5
漏洞危害
An attacker could exploit this vulnerability by convincing a user to open a file without an extension through WinRAR, a file with the same name with a file extension in the same folder will be executed with the privileges of WinRAR.
解决方案
Download and install the latest version from RARLab
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论