Lucene search
HistoryJan 10, 2005 - 5:00 a.m.
CVE-2004-1254
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
8.2
Confidence
High
EPSS
0.027
Percentile
90.6%
WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.
Affected configurations
Node
rarlabwinrarMatch3.0.0
ORrarlabwinrarMatch3.10
ORrarlabwinrarMatch3.10_beta3
ORrarlabwinrarMatch3.10_beta5
ORrarlabwinrarMatch3.11
ORrarlabwinrarMatch3.20
ORrarlabwinrarMatch3.40
ORrarlabwinrarMatch3.41
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rarlab | winrar | 3.0.0 | cpe:2.3:a:rarlab:winrar:3.0.0:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10 | cpe:2.3:a:rarlab:winrar:3.10:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10_beta3 | cpe:2.3:a:rarlab:winrar:3.10_beta3:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10_beta5 | cpe:2.3:a:rarlab:winrar:3.10_beta5:*:*:*:*:*:*:* |
| rarlab | winrar | 3.11 | cpe:2.3:a:rarlab:winrar:3.11:*:*:*:*:*:*:* |
| rarlab | winrar | 3.20 | cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:* |
| rarlab | winrar | 3.40 | cpe:2.3:a:rarlab:winrar:3.40:*:*:*:*:*:*:* |
| rarlab | winrar | 3.41 | cpe:2.3:a:rarlab:winrar:3.41:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
WinRAR 3.4.1 - Corrupt '.ZIP' File
2004-12-16 00:00:00
cve
cve
CVE-2004-1254
2005-01-10 05:00:00
cvelist
cvelist
CVE-2004-1254
2004-12-22 05:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
8.2
Confidence
High
EPSS
0.027
Percentile
90.6%
Related for NVD:CVE-2004-1254