Integer Signedness Error in Unrar Affects WinRAR and RAR for OS X
CVE-2007-3726

Currently unrated

Key Information:

Vendor
Rarlab
Status
Unrar
Vendor
CVE Published:
12 July 2007

Summary

An integer signedness error exists in the SET_VALUE function of rarvm.cpp within the Unrar component of WinRAR and RAR for OS X. This vulnerability can be exploited by attackers who provide specially crafted RAR archives, which, when processed, can cause the application to crash. This can lead to a Denial of Service condition as a result of negative signed numbers being incorrectly cast to large unsigned numbers, enabling user-assisted remote attacks.

References

http://www.securityfocus.com/archive/1/473376/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/475155/30/5610/thr...
mailing-listx_refsource_BUGTRAQ
http://osvdb.org/39603
vdb-entryx_refsource_OSVDB

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2007-3726 : Integer Signedness Error in Unrar Affects WinRAR and RAR for OS X | SecurityVulnerability.io