Directory Traversal Flaw in WinRAR Product by RARLAB
CVE-2005-0331

Currently unrated

Key Information:

Vendor: Rarlab
Status: Winrar
Vendor: CVE Published:; 2 May 2005

Summary

A directory traversal vulnerability exists in WinRAR versions 3.42 and earlier, which can be exploited when users extract ZIP files. This flaw arises from insufficient validation of filenames, allowing attackers to manipulate file paths and create arbitrary files on the user's system. This poses significant risks, as malicious ZIP files can be carefully crafted to execute unauthorized file manipulations or installations during the extraction process.

References

http://www.securityfocus.com/bid/12422

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=110737609604210&w=2

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/20585

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Feb 10, 2005