CNNVD-202507-3276 Information

Jul 25, 2025 cve

CNNVD ID

CNNVD-202507-3276

CVE-2014-125119

CNNVD Published: 2025-07-25

Description (Chinese)

WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞，该漏洞源于ZIP文件中文件名显示不一致，可能导致文件名欺骗和远程代码执行。

Description (English)

WinRAR is a file compressor for WinRAR. The product supports the compression and decompression of documents in RAR, ZIP, etc. WinRAR had a security loophole, which stemmed from the inconsistent display of file names in ZIP files, which could lead to file name fraud and remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

WinRAR

Published

2025-07-25

Last Modified

2026-02-24

References

https://an7isec.blogspot.com/2014/03/winrar-file-extension-spoofing-0day.html https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/winrar_name_spoofing.rb http://intelcrawler.com/news-15 https://web.archive.org/web/20140625054244/ https://www.intelcrawler.com/report_2603.pdf https://web.archive.org/web/20141111142204/ https://www.rarlab.com/vuln_zip_spoofing_4.20.html https://www.vulncheck.com/advisories/winrar-filename-spoofing-rce https://access.redhat.com/security/cve/cve-2014-125119

Share on: