CVE-2005-3262

Published: 20/10/2005 Updated: 10/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in RARLAB WinRAR 2.90 up to and including 3.50 allows remote malicious users to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

Vulnerable Product

rarlab winrar 2.90

rarlab winrar 3.0.0

rarlab winrar 3.10

rarlab winrar 3.10_beta3

rarlab winrar 3.10_beta5

rarlab winrar 3.20

rarlab winrar 3.41

rarlab winrar 3.42

rarlab winrar 3.50

rarlab winrar 3.11

rarlab winrar 3.40

Exploits

source: www.securityfocus.com/bid/15062/info

WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable computer. WinRAR 3.50 and prior versions are vulnerable to these issues.

begin 6 ...