High severity7.4NVD Advisory· Published Dec 30, 2015· Updated May 6, 2026

CVE-2015-5663

Description

The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.

Affected products

Rarlab/Winrar2 versions
cpe:2.3:a:rarlab:winrar:*:beta_4:*:*:*:*:x64:*+ 1 more
- cpe:2.3:a:rarlab:winrar:*:beta_4:*:*:*:*:x64:*range: <=5.30
- cpe:2.3:a:rarlab:winrar:*:beta_4:*:*:*:*:x86:*range: <=5.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN64636058/index.htmlnvdVendor Advisory
jvndb.jvn.jp/jvndb/JVNDB-2015-000199nvdVendor Advisory
www.securityfocus.com/bid/79666nvd
www.securitytracker.com/id/1034881nvd

News mentions

No linked articles in our index yet.

cvss	0.481
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000