|
|
>> WinRAR Archive Handling Format String and Buffer Overflow Issues
|
Title : WinRAR Archive Handling Format String and Buffer Overflow Issues
VUPEN ID : VUPEN/ADV-2005-2030
CVE ID : CVE-2005-3262 - CVE-2005-3263
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-11
|
Two vulnerabilities were identified in WinRAR, which could be exploited by attackers to execute arbitrary commands.
The first issue is due to a format string error when displaying a specially crafted diagnostic error message that informs the user of an invalid filename in an UUE/XXE encoded file, which could be exploited to execute arbitrary code when a malicious UUE/XXE file is decoded.
The second flaw is due to a stack overflow error in "UNACEV2.DLL" when processing an ACE archive containing a file with an overly long filename, which could be exploited to execute arbitrary commands by convincing a user to extract a malicious file.
Affected Products
WinRAR versions prior to 3.51
Solution
Upgrade to WinRAR version 3.51 :
http://www.rarlabs.com/rarnew.htm
References
http://www.vupen.com/english/advisories/2005/2030
http://secunia.com/secunia_research/2005-53/advisory/
Credits
Vulnerabilities reported by Tan Chew Keong
ChangeLog
2005-10-11 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
