CVE Vulnerabilities

CVE-2005-3262

Published: Oct 20, 2005 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

Affected Software

Name Vendor Start Version End Version
Winrar Rarlab 2.90 2.90
Winrar Rarlab 3.0.0 3.0.0
Winrar Rarlab 3.10 3.10
Winrar Rarlab 3.10_beta3 3.10_beta3
Winrar Rarlab 3.10_beta5 3.10_beta5
Winrar Rarlab 3.11 3.11
Winrar Rarlab 3.20 3.20
Winrar Rarlab 3.40 3.40
Winrar Rarlab 3.41 3.41
Winrar Rarlab 3.42 3.42
Winrar Rarlab 3.50 3.50

References