-= Unl0ck Team Security Advisory =-
____ ___ __ _______ __ ___________
| | \____ | | \ _ \ ____ | | __ \__ ___/___ _____ _____
| | / \| | / /_\ \_ / ___\| |/ / | |_/ __ \\__ \ / \
| | / | \ |_\ \_/ \ \___ | < | |\ ___/ / __ \| Y Y \
|______/|___| /____/\_____ /\_____ >__|_ \ |____| \___ >____ /__|_| /
\/ \/ \/ \/ \/ \/ \/
... the best way of protection is attack
http://unl0ck.void.ru
Advisory : #10 by unl0ck team
Product : WinRAR <= 3.41
Vendor : http://rarlabs.com
Date : 19.12.2004
Impact : buffer overflow
Advisory URL : http://unl0ck.void.ru/papers/adv/vpopmail2.txt
-=[ Overview
WinRAR best compressor/decompressor all over the World!
]=-
-=[ Vulnerability
Buffer Overflow vulnerability exist in delete() function in WinRAR.
We released some demo exploit. You Can see it in our site in "Exploits" Section.
DemoExploit create archive with long filename. Try to open archive, then try to delete file onto archive.
]=-
-=[ Credits
Found this bug Dark Eagle
Unl0ck Team [http://unl0ck.void.ru]
]=-