Winrar@3.41 Security Vulnerabilities and Issues — Winrar@3.41 CVE List

Lucene search

RarlabWinrar3.41

4 matches found

CVE•added 2005/05/02 4:0 a.m.•58 views

CVE-2005-0331

Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.

2.6CVSS7.1AI score0.00383EPSS

CVE•added 2005/01/10 5:0 a.m.•40 views

CVE-2004-1254

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.

10CVSS8.6AI score0.05202EPSS

CVE•added 2005/10/20 10:2 a.m.•40 views

CVE-2005-3263

Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name.

7.5CVSS8.5AI score0.05421EPSS

CVE•added 2005/10/20 10:2 a.m.•39 views

CVE-2005-3262

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

7.5CVSS8.1AI score0.09615EPSS