CVE Vulnerabilities

CVE-2005-3262

Published: Oct 20, 2005 | Modified: Sep 10, 2008
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Winrar | Rarlab | 2.90 (including) | 2.90 (including) |
| Winrar | Rarlab | 3.0.0 (including) | 3.0.0 (including) |
| Winrar | Rarlab | 3.10 (including) | 3.10 (including) |
| Winrar | Rarlab | 3.10_beta3 (including) | 3.10_beta3 (including) |
| Winrar | Rarlab | 3.10_beta5 (including) | 3.10_beta5 (including) |
| Winrar | Rarlab | 3.11 (including) | 3.11 (including) |
| Winrar | Rarlab | 3.20 (including) | 3.20 (including) |
| Winrar | Rarlab | 3.40 (including) | 3.40 (including) |
| Winrar | Rarlab | 3.41 (including) | 3.41 (including) |
| Winrar | Rarlab | 3.42 (including) | 3.42 (including) |
| Winrar | Rarlab | 3.50 (including) | 3.50 (including) |

References