Buffer Overflow Vulnerability in WinRAR by RARLAB
CVE-2005-4474

Currently unrated

Key Information:

Vendor

Rarlab

Status
Winrar
Vendor
CVE Published:
22 December 2005

What is CVE-2005-4474?

A buffer overflow vulnerability exists in the 'Add to archive' command of WinRAR 3.51, which can be exploited through user-assisted actions. Attackers can potentially induce a denial of service (DoS) or execute arbitrary code by convincing users to add files with specific filenames that include non-default code page characters, as illustrated through examples with Chinese filenames. The issue arises when the WideCharToMultiByte API improperly manages buffer expansion. While there is uncertainty regarding the potential for code execution, the user assistance required makes this vulnerability noteworthy in the context of software security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://securityreason.com/securityalert/290
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/420006/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/15999
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.