logo
DATABASE RESOURCES PRICING ABOUT US

WinRAR ZIP File Handling Filename Spoofing Vulnerability

Description

Added: 04/28/2014 BID: [66383](<http://www.securityfocus.com/bid/66383>) OSVDB: [62610](<http://www.osvdb.org/62610>) ### Background WinRAR is a shareware file archiver and data compression utility which runs on Microsoft Windows. It can create archives in ZIP format, as well as its own proprietary RAR format, and unpack a variety of other archive types. ### Problem WinRAR 4.x is vulnerable to remote code execution when handling ZIP files. An extracted filename can be spoofed when the filename shown to the user (from the ZIP file central directory) is different than the filename used to uncompress the file to the system (from the local file header). A remote attacker who persuades a user to open a specially crafted ZIP file could execute arbitrary code in the context of the vulnerable user. ### Resolution Upgrade to WinRAR 5.x. ### References <http://www.rarlab.com/vuln_zip_spoofing_4.20.html> ### Limitations Exploit works on WinRAR 4.20 and 4.11 on Windows Server 2003 R2 and Windows 7. The user must open the exploit file in a vulnerable version of WinRAR. ### Platforms Windows