WinRAR SFX Module Archive Comment Processing Overflow

2006-07-05T15:18:47
ID OSVDB:27031
Type osvdb
Reporter posidron(posidron@tripbit.org)
Modified 2006-07-05T15:18:47

Description

Vulnerability Description

A local overflow exists in WinRAR. WinRAR fails to process archive comment when extracting files resulting in a stack overflow. With a specially crafted file, an attacker can cause an application overflow resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in WinRAR. WinRAR fails to process archive comment when extracting files resulting in a stack overflow. With a specially crafted file, an attacker can cause an application overflow resulting in a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://www.rarlabs.com/rarnew.htm ISS X-Force ID: 27815 Generic Exploit URL: http://milw0rm.com/exploits/1985 Generic Exploit URL: http://www.milw0rm.com/exploits/1984 Generic Exploit URL: http://www.milw0rm.org/exploits/1985 Generic Exploit URL: http://milw0rm.com/exploits/1992 CVE-2006-3912