Format String Vulnerability in RARLAB WinRAR Affects Multiple Versions
CVE-2005-3262
Currently unrated
What is CVE-2005-3262?
A format string vulnerability exists in RARLAB WinRAR versions 2.90 to 3.50. Remote attackers can exploit it through format string specifiers in UUE/XXE files, which WinRAR handles improperly. When WinRAR displays a diagnostic error message about an invalid filename, it fails to properly validate the input, which can lead to remote code execution. This poses a significant risk, as attackers may gain unauthorized access to system resources. Users are encouraged to update to the latest version to mitigate this vulnerability.
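The bug class described above, as an added example that is not WinRAR's code: a file name taken from a uuencode "begin" header is flagged if it carries conversion specifiers and is then reported through a constant format string. The function names, the message wording and the sample header line are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pull the file name out of a uuencode header line: "begin <mode> <name>".
   Returns 0 on success, -1 if the line is not a usable header. */
int uue_header_name(const char *line, char *name, size_t n)
{
    unsigned mode;
    int off = 0;
    if (n == 0 || sscanf(line, "begin %o %n", &mode, &off) < 1 || off == 0)
        return -1;
    snprintf(name, n, "%s", line + off);
    name[strcspn(name, "\r\n")] = '\0';      /* drop the line ending */
    return name[0] ? 0 : -1;
}

/* Count '%' characters that would start a conversion if the name were
   (wrongly) used as a format string; "%%" is a literal percent sign. */
int count_conversions(const char *s)
{
    int hits = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        hits++;
    }
    return hits;
}

/* Hardened diagnostic: the format string is a constant and the name is only
   ever an argument. The unsafe form would pass text built from the name as
   the format itself, e.g. snprintf(out, n, text_with_name). */
int invalid_name_diag(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "Invalid file name: %s", name);  /* assumed wording */
}

int main(void)
{
    const char *line = "begin 644 %x%x%x.txt\n";   /* constructed sample */
    char name[64], msg[128];
    if (uue_header_name(line, name, sizeof name) == 0) {
        invalid_name_diag(msg, sizeof msg, name);
        printf("%s (conversion specifiers in name: %d)\n", msg, count_conversions(name));
    }
    return 0;
}
```

With the constant format string the specifiers in the name are printed literally instead of being interpreted, and the count gives a simple signal for flagging suspicious archive entries.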