First published: Thu Oct 20 2005(Updated: )
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RARLAB WinRAR | =3.50 | |
RARLAB WinRAR | =3.0.0 | |
RARLAB WinRAR | =3.10 | |
RARLAB WinRAR | =3.41 | |
RARLAB WinRAR | =3.20 | |
RARLAB WinRAR | =3.42 | |
RARLAB WinRAR | =2.90 | |
RARLAB WinRAR | =3.40 | |
RARLAB WinRAR | =3.10_beta3 | |
RARLAB WinRAR | =3.10_beta5 | |
RARLAB WinRAR | =3.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.