CVE-2008-7144
First published: Tue Sep 01 2009(Updated: )
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WinRAR | <=3.70 | |
| WinRAR | =2.90 | |
| WinRAR | =3.0.0 | |
| WinRAR | =3.10 | |
| WinRAR | =3.10_beta3 | |
| WinRAR | =3.10_beta5 | |
| WinRAR | =3.11 | |
| WinRAR | =3.20 | |
| WinRAR | =3.30 | |
| WinRAR | =3.40 | |
| WinRAR | =3.41 | |
| WinRAR | =3.42 | |
| WinRAR | =3.50 | |
| WinRAR | =3.51 | |
| WinRAR | =3.60_beta1 | |
| WinRAR | =3.60_beta2 | |
| WinRAR | =3.60_beta3 | |
| WinRAR | =3.60_beta4 | |
| WinRAR | =3.60_beta5 | |
| WinRAR | =3.60_beta6 | |
| WinRAR | =3.60_beta7 | |
| WinRAR | =3.60_beta8 | |
| WinRAR | =3.61 | |
| WinRAR | =3.62 | |
| WinRAR | =3.70_beta1 | |
| WinRAR | =3.70_beta2 | |
| WinRAR | =3.70_beta3 | |
| WinRAR | =3.70_beta4 | |
| WinRAR | =3.70_beta5 | |
| WinRAR | =3.70_beta6 | |
| WinRAR | =3.70_beta7 | |
| WinRAR | =3.70_beta8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/29407
- http://www.vupen.com/english/advisories/2008/0916/references
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
- http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
- http://osvdb.org/43439
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41251
Frequently Asked Questions
What is the severity of CVE-2008-7144?
The severity of CVE-2008-7144 is currently unspecified, as the exact impact and attack vectors have not been detailed.
How do I fix CVE-2008-7144?
To mitigate CVE-2008-7144, users should upgrade to WinRAR version 3.71 or later.
What software is affected by CVE-2008-7144?
CVE-2008-7144 affects multiple versions of RARLAB WinRAR, specifically versions prior to 3.71.
Can I still use older versions of WinRAR despite CVE-2008-7144?
Using older versions of WinRAR is not recommended due to the unidentified vulnerabilities associated with CVE-2008-7144.
What types of files may exploit CVE-2008-7144 vulnerabilities?
CVE-2008-7144 vulnerabilities may be exploited through specially crafted ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, or ZIP files.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/rarlab
- canonical/winrar
- version/winrar/3.70
- version/winrar/2.90
- version/winrar/3.0.0
- version/winrar/3.10
- version/winrar/3.10_beta3
- version/winrar/3.10_beta5
- version/winrar/3.11
- version/winrar/3.20
- version/winrar/3.30
- version/winrar/3.40
- version/winrar/3.41
- version/winrar/3.42
- version/winrar/3.50
- version/winrar/3.51
- version/winrar/3.60_beta1
- version/winrar/3.60_beta2
- version/winrar/3.60_beta3
- version/winrar/3.60_beta4
- version/winrar/3.60_beta5
- version/winrar/3.60_beta6
- version/winrar/3.60_beta7
- version/winrar/3.60_beta8
- version/winrar/3.61
- version/winrar/3.62
- version/winrar/3.70_beta1
- version/winrar/3.70_beta2
- version/winrar/3.70_beta3
- version/winrar/3.70_beta4
- version/winrar/3.70_beta5
- version/winrar/3.70_beta6
- version/winrar/3.70_beta7
- version/winrar/3.70_beta8