Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4620 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winrar

5 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.2%
top 58.35%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Rarlab Winrar
Timeline
PublishedDec 31
Latest updateMay 1

Description

Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

â–¶NVDrarlab/winrar12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-4cg6-r453-9frw: Buffer overflow in WinRAR 3↗2022-05-01
â–¶
CVEList
CVE-2005-4620: Buffer overflow in WinRAR 3↗2006-01-06
â–¶

💥Exploits & PoCs

2
Exploit-DB
WinRAR 3.30 - 'Filename' Local Buffer Overflow (1)↗2006-01-04
â–¶
Exploit-DB
WinRAR 3.30 - 'Filename' Local Buffer Overflow (2)↗2006-01-04
â–¶
CVE-2005-4620 — Rarlab Winrar vulnerability | cvebase