CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.086 Low
Percentile: 94.4%

iDefense reports:
Remote exploitation of a stack-based buffer overflow
vulnerability in RARLabs Unrar may allow an attacker to
execute arbitrary code with the privileges of the user
opening the archive.

Unrar is prone to a stack-based buffer overflow when
processing specially crafted password-protected
archives.

If users are using the vulnerable command-line-based
unrar, they still need to interact with the program in
order to trigger the vulnerability. They must respond to
the prompt asking for the password, after which the
vulnerability will be triggered. They do not need to enter
a correct password, but they must at least push the enter
key.