Format String Vulnerability in RARLAB WinRAR Affects Multiple Versions
CVE-2005-3262
Currently unrated
Summary
A format string vulnerability exists in RARLAB WinRAR versions 2.90 to 3.50. Remote attackers can exploit it by placing format string specifiers in a UUE/XXE file. When WinRAR displays a diagnostic error message about an invalid filename, it does not properly validate that input, which can lead to remote code execution and give attackers unauthorized access to system resources. Users are encouraged to update to the latest version to mitigate this vulnerability.
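The pattern behind this class of bug, as an added example in C (not WinRAR's code, which this page does not show): a name taken from a uuencode header line (`begin <mode> <name>`) reaches a diagnostic message once as part of the format string and once as an argument to a constant format. The function names and the sample header line are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The "before" function below is deliberately vulnerable; silence the warning. */
#pragma GCC diagnostic ignored "-Wformat-security"

/* Copy the name from a uuencode header line ("begin <mode> <name>") into
   name[]. Returns 0 on success, -1 if the line is not a usable header. */
int uue_header_name(const char *line, char *name, size_t cap)
{
    unsigned mode;
    int off = 0;
    if (sscanf(line, "begin %o %n", &mode, &off) != 1 || off == 0)
        return -1;
    size_t len = strcspn(line + off, "\r\n");
    if (len == 0 || len >= cap)
        return -1;
    memcpy(name, line + off, len);
    name[len] = '\0';
    return 0;
}

/* BEFORE: the message is assembled first and then used as the format, so any
   '%' sequence in the untrusted name is interpreted by the formatter. */
int diag_unsafe(char *out, size_t cap, const char *name)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Invalid file name: %s", name);
    return snprintf(out, cap, msg);
}

/* AFTER: constant format string; the name is only ever an argument. */
int diag_safe(char *out, size_t cap, const char *name)
{
    return snprintf(out, cap, "Invalid file name: %s", name);
}

int main(void)
{
    /* Constructed header; "%%" takes no argument, so "before" stays defined. */
    const char *line = "begin 644 report100%%.txt\n";
    char name[128], a[256], b[256];
    if (uue_header_name(line, name, sizeof name) != 0)
        return 1;
    diag_unsafe(a, sizeof a, name);
    diag_safe(b, sizeof b, name);
    printf("before: %s\nafter:  %s\n", a, b);
    return 0;
}
```

The two messages differ only because the first path parsed the name as a format; building with `-Werror=format-security` turns the "before" call into a compile error once the pragma is removed.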
EPSS Score
9% chance of being exploited in the next 30 days.