Detections
Analytics

CVE-2014-125119

high

Description

A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution.

References

https://www.vulncheck.com/advisories/winrar-filename-spoofing-rce

https://www.rarlab.com/vuln_zip_spoofing_4.20.html

https://web.archive.org/web/20141111142204/https://www.intelcrawler.com/report_2603.pdf

https://web.archive.org/web/20140625054244/http://intelcrawler.com/news-15

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/winrar_name_spoofing.rb

https://an7isec.blogspot.com/2014/03/winrar-file-extension-spoofing-0day.html

Details

Source: Mitre, NVD

Published: 2025-07-25

Updated: 2025-07-29

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.4

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00256