Description
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tan Chew Keong · textdoslinux
https://www.exploit-db.com/exploits/26342
References (4)
Core 4
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15062
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16973/
Various Sources x_refsource_confirm
http://www.rarlabs.com/rarnew.htm
Patch, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-53/advisory/
Scores
EPSS
0.0961
EPSS Percentile
92.9%
Details
Status
published
Products (11)
rarlab/winrar
2.90
rarlab/winrar
3.0.0
rarlab/winrar
3.10
rarlab/winrar
3.10_beta3
rarlab/winrar
3.10_beta5
rarlab/winrar
3.11
rarlab/winrar
3.20
rarlab/winrar
3.40
rarlab/winrar
3.41
rarlab/winrar
3.42
... and 1 more
Published
Oct 20, 2005
Tracked Since
Feb 18, 2026