Buffer Overflow Vulnerability in WinRAR by RARLAB
CVE-2005-4474

Currently unrated

Key Information:

Vendor: Rarlab
Status: Winrar
Vendor: CVE Published:; 22 December 2005

Summary

A buffer overflow vulnerability exists in the 'Add to archive' command of WinRAR 3.51, which can be exploited through user-assisted actions. Attackers can potentially induce a denial of service (DoS) or execute arbitrary code by convincing users to add files with specific filenames that include non-default code page characters, as illustrated through examples with Chinese filenames. The issue arises when the WideCharToMultiByte API improperly manages buffer expansion. While there is uncertainty regarding the potential for code execution, the user assistance required makes this vulnerability noteworthy in the context of software security.

References

http://securityreason.com/securityalert/290

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/420006/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/15999

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 22, 2005
Vulnerability Reserved
Dec 21, 2005