Page 3 of 18 results (0.011 seconds)

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE. • http://securityreason.com/securityalert/290 http://www.securityfocus.com/archive/1/420006/100/0/threaded http://www.securityfocus.com/bid/15999 •

CVSS: 7.5EPSS: 8%CPEs: 11EXPL: 1

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename. • https://www.exploit-db.com/exploits/26342 http://secunia.com/advisories/16973 http://secunia.com/secunia_research/2005-53/advisory http://www.rarlabs.com/rarnew.htm http://www.securityfocus.com/bid/15062 •

CVSS: 7.5EPSS: 9%CPEs: 11EXPL: 0

Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0266.html http://secunia.com/advisories/16973 http://secunia.com/secunia_research/2005-53/advisory http://www.osvdb.org/19915 http://www.rarlabs.com/rarnew.htm http://www.securityfocus.com/bid/15062 •

CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 0

Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file. • http://marc.info/?l=bugtraq&m=110737609604210&w=2 http://www.securityfocus.com/bid/12422 https://exchange.xforce.ibmcloud.com/vulnerabilities/20585 •

CVSS: 2.6EPSS: 0%CPEs: 8EXPL: 0

The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive. • http://marc.info/?l=bugtraq&m=109941351432699&w=2 http://secunia.com/advisories/13070 http://www.rarlabs.com/rarnew.htm http://www.securityfocus.com/bid/11581 https://exchange.xforce.ibmcloud.com/vulnerabilities/17937 •