First published: Thu Oct 20 2005
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WinRAR | =2.90 | |
WinRAR | =3.0.0 | |
WinRAR | =3.10 | |
WinRAR | =3.10_beta3 | |
WinRAR | =3.10_beta5 | |
WinRAR | =3.11 | |
WinRAR | =3.20 | |
WinRAR | =3.40 | |
WinRAR | =3.41 | |
WinRAR | =3.42 | |
WinRAR | =3.50 | |
CVE-2005-3262 is classified as a critical vulnerability due to its potential to allow remote code execution.
To fix CVE-2005-3262, upgrade WinRAR to a version that is not affected, specifically versions later than 3.50.
WinRAR versions 2.90 through 3.50 are affected by CVE-2005-3262.
CVE-2005-3262 is a format string vulnerability that can be exploited through specially crafted UUE/XXE files.
Yes, CVE-2005-3262 can be exploited remotely by attackers using malicious files.
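A triage check for the condition described above, as an added example that is not part of the original advisory or of WinRAR's code: it scans the `begin` header lines of UUE/XXE data for printf-style conversions in the filename. That the specifiers are carried in the header's filename field is an assumption, and the sample input is constructed.

```python
import re

# A printf-style conversion: '%', optional positional argument, flags, width,
# precision and length modifier, then a conversion letter.
CONVERSION = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGaAcspn]"
)
# uuencode/xxencode header line: "begin <octal mode> <filename>"
BEGIN = re.compile(r"^begin +([0-7]{3,4}) +(.*)$")

# Constructed sample: two encoded members, the second with a hostile filename.
# The data line "#0V%T" contains '%' but is payload, not a header, so it is ignored.
SAMPLE = """\
begin 644 notes.txt
#0V%T
`
end
begin 644 %x%x%n.txt
#0V%T
`
end
"""


def suspicious_headers(text):
    """Return (line_number, filename, specifiers) for each flagged header."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = BEGIN.match(line)
        if not m:
            continue
        filename = m.group(2)
        # "%%" is a literal percent sign to printf, so drop it before matching.
        specs = CONVERSION.findall(filename.replace("%%", ""))
        if specs:
            findings.append((lineno, filename, specs))
    return findings


if __name__ == "__main__":
    for lineno, filename, specs in suspicious_headers(SAMPLE):
        print(f"line {lineno}: filename {filename!r} contains {specs}")
```

A hit does not prove malicious intent, since a percent sign is legal in filenames; it marks archives that should not be opened with an affected WinRAR version.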