CVE-2005-3262

Properties

Published: 19.10.2005
Updated: 20.10.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product: RARLAB: WinRAR

Vulnerability description

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

References:

http://secunia.com/secunia_research/2005-53/advisory/
http://www.rarlabs.com/rarnew.htm
BID: http://www.securityfocus.com/bid/15062
SECUNIA: http://secunia.com/advisories/16973/