CVE-2004-1254

Rarlab Winrar - Buffer Overflow

Title source: rule

Description

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Vafa Khoshaein · clocalwindows

https://www.exploit-db.com/exploits/694

View Code ZIP pw:eip

References (2)

[Various Sources] http://www.frsirt.com/exploits/20041217.Winrar.c.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18569

Scores

EPSS 0.0520

EPSS Percentile 90.0%

Details

Status published

Products (8)

rarlab/winrar 3.0.0

rarlab/winrar 3.10

rarlab/winrar 3.10_beta3

rarlab/winrar 3.10_beta5

rarlab/winrar 3.11

rarlab/winrar 3.20

rarlab/winrar 3.40

rarlab/winrar 3.41

Published Jan 10, 2005

Tracked Since Feb 18, 2026