Wednesday, March 19, 2008 10:16 AM cmosby

WinRAR Multiple Unspecified Vulnerabilities - Advisories - Secunia

 

WinRAR Multiple Unspecified Vulnerabilities

Secunia Advisory:
SA29407

Release Date:
2008-03-19

Critical:

Highly critical

Impact:
DoS
System access

Where:
From remote

Solution Status:
Vendor Patch

Software:
WinRAR 3.x

Description:
Some vulnerabilities have been reported in WinRAR, which can potentially be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to unspecified errors in the processing of archives and can be exploited to cause heap corruptions and stack-based buffer overflows via specially crafted archives.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 3.71.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

Solution:
Update to version 3.71.

Provided and/or discovered by:
Oulu University Secure Programming Group

Original Advisory:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

Other References:
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

Source: WinRAR Multiple Unspecified Vulnerabilities - Advisories - Secunia

Filed under: , , ,

Comments

No Comments