Format string vulnerability in RARLAB WinRAR 2.90 up to and including 3.50 allows remote malicious users to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
| Vulnerable Product |
|---|
| rarlab winrar 2.90 |
| rarlab winrar 3.0.0 |
| rarlab winrar 3.10 |
| rarlab winrar 3.10_beta3 |
| rarlab winrar 3.10_beta5 |
| rarlab winrar 3.20 |
| rarlab winrar 3.41 |
| rarlab winrar 3.42 |
| rarlab winrar 3.50 |
| rarlab winrar 3.11 |
| rarlab winrar 3.40 |