The flaw existed in unacev2.dll , a third-party library WinRAR used to unpack files. Path Traversal: Attackers could bypass folder restrictions.
This vulnerability allowed attackers to execute code remotely by simply having a user extract a specially crafted archive. 🛡️ The Vulnerability: CVE-2018-20250 22793.rar
When a user opens "22793.rar" (or similar ACE-based exploits): The flaw existed in unacev2
The file is a well-known proof-of-concept (PoC) archive used to demonstrate a critical vulnerability in WinRAR (tracked as CVE-2018-20250 ). The flaw existed in unacev2.dll
No complex exploit was needed; the Windows Startup folder handled the execution.