From c1a3e66d906710e945114d7506ae990b4aa9edfa Mon Sep 17 00:00:00 2001
From: Metasploit
Date: Wed, 24 Apr 2019 03:56:37 -0700
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 41 +++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 602c8c2f14..121f9bafe0 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -98937,6 +98937,47 @@
 "notes": {
 }
 },
+ "exploit_windows/fileformat/winrar_ace": {
+ "name": "RARLAB WinRAR ACE Format Input Validation Remote Code Execution",
+ "full_name": "exploit/windows/fileformat/winrar_ace",
+ "rank": 600,
+ "disclosure_date": "2019-02-05",
+ "type": "exploit",
+ "author": [
+ "Nadav Grossman",
+ "Imran E. Dawoodjee "
+ ],
+ "description": "In WinRAR versions prior to and including 5.61, there is path traversal vulnerability\n when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename\n field is manipulated with specific patterns, the destination (extraction) folder is\n ignored, thus treating the filename as an absolute path. This module will attempt to\n extract a payload to the startup folder of the current user. It is limited such that\n we can only go back one folder. Therefore, for this exploit to work properly, the user\n must extract the supplied RAR file from one folder within the user profile folder\n (e.g. Desktop or Downloads). User restart is required to gain a shell.",
+ "references": [
+ "CVE-2018-20250",
+ "EDB-46552",
+ "BID-106948",
+ "URL-https://research.checkpoint.com/extracting-code-execution-from-winrar/",
+ "URL-https://apidoc.roe.ch/acefile/latest/",
+ "URL-http://www.hugi.scene.org/online/coding/hugi%2012%20-%20coace.htm"
+ ],
+ "platform": "Windows",
+ "arch": "",
+ "rport": null,
+ "autofilter_ports": [
+
+ ],
+ "autofilter_services": [
+
+ ],
+ "targets": [
+ "RARLAB WinRAR <= 5.61"
+ ],
+ "mod_time": "2019-04-24 05:43:28 +0000",
+ "path": "/modules/exploits/windows/fileformat/winrar_ace.rb",
+ "is_install_path": true,
+ "ref_name": "windows/fileformat/winrar_ace",
+ "check": false,
+ "post_auth": false,
+ "default_credential": false,
+ "notes": {
+ }
+ },
 "exploit_windows/fileformat/winrar_name_spoofing": {
 "name": "WinRAR Filename Spoofing",
 "full_name": "exploit/windows/fileformat/winrar_name_spoofing",