Buffer Overflow Vulnerability in WinRAR by RARLABS
CVE-2006-3845

Currently unrated

Key Information:

Vendor: Rarlab
Status: Winrar
Vendor: CVE Published:; 25 July 2006

Summary

A stack-based buffer overflow vulnerability exists in the lzh.fmt file processing within WinRAR versions 3.00 to 3.60 beta 6. This flaw can be exploited by remote attackers through the manipulation of long filenames within LHA archives, potentially allowing them to execute arbitrary code on affected systems. Users of vulnerable versions of WinRAR are advised to upgrade to a patched version to mitigate the risks associated with this vulnerability.

References

http://secunia.com/advisories/21080

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/19043

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/27815

vdb-entryx_refsource_XF

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 25, 2006
Vulnerability Reserved
Jul 25, 2006