Rarlab WinRAR up to 3.90/4.x ZIP File Parser input validation

Summaryinfo

A vulnerability classified as problematic has been found in Rarlab WinRAR up to 3.90/4.x. This affects an unknown part of the component ZIP File Parser. Performing a manipulation results in input validation. This vulnerability is known as CVE-2014-125119. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Rarlab WinRAR up to 3.90/4.x. It has been classified as problematic. This affects some unknown processing of the component ZIP File Parser. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on integrity. The summary by CVE is:

A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution.

The weakness was published by chr1x. It is possible to read the advisory at rarlab.com. This vulnerability is uniquely identified as CVE-2014-125119 since 07/24/2025. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but a public exploit is available.

The exploit is shared for download at raw.githubusercontent.com. It is declared as attacked.

Upgrading to version 3.91 or 5.00 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2014-9805). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• File Compression Software

Vendor

• Rarlab

Name

• WinRAR

Version

• 3.0
• 3.1
• 3.2
• 3.3
• 3.4
• 3.5
• 3.6
• 3.7
• 3.8
• 3.9
• 3.10
• 3.11
• 3.12
• 3.13
• 3.14
• 3.15
• 3.16
• 3.17
• 3.18
• 3.19
• 3.20
• 3.21
• 3.22
• 3.23
• 3.24
• 3.25
• 3.26
• 3.27
• 3.28
• 3.29
• 3.30
• 3.31
• 3.32
• 3.33
• 3.34
• 3.35
• 3.36
• 3.37
• 3.38
• 3.39
• 3.40
• 3.41
• 3.42
• 3.43
• 3.44
• 3.45
• 3.46
• 3.47
• 3.48
• 3.49
• 3.50
• 3.51
• 3.52
• 3.53
• 3.54
• 3.55
• 3.56
• 3.57
• 3.58
• 3.59
• 3.60
• 3.61
• 3.62
• 3.63
• 3.64
• 3.65
• 3.66
• 3.67
• 3.68
• 3.69
• 3.70
• 3.71
• 3.72
• 3.73
• 3.74
• 3.75
• 3.76
• 3.77
• 3.78
• 3.79
• 3.80
• 3.81
• 3.82
• 3.83
• 3.84
• 3.85
• 3.86
• 3.87
• 3.88
• 3.89
• 3.90
• 4.x

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion