CVE-2005-3262

WinRAR 2.90-3.50 - Remote Code Execution via Format String in UUE/XXE Filename Error

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3262. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in WinRAR 3.50 and prior versions. The PoC uses a malformed filename with format specifiers to trigger arbitrary code execution.

Description

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tan Chew Keong · textdoslinux
https://www.exploit-db.com/exploits/26342

This exploit leverages a format string vulnerability in WinRAR 3.50 and prior versions. The PoC uses a malformed filename with format specifiers to trigger arbitrary code execution.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WinRAR <= 3.50
No auth needed
Prerequisites: Victim must open a specially crafted archive file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15062
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16973/
Various Sources x_refsource_confirm
http://www.rarlabs.com/rarnew.htm
Patch, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-53/advisory/

Scores

EPSS 0.0880
EPSS Percentile 94.5%

Details

Status published
Products (11)
rarlab/winrar 2.90
rarlab/winrar 3.0.0
rarlab/winrar 3.10
rarlab/winrar 3.10_beta3
rarlab/winrar 3.10_beta5
rarlab/winrar 3.11
rarlab/winrar 3.20
rarlab/winrar 3.40
rarlab/winrar 3.41
rarlab/winrar 3.42
... and 1 more
Published Oct 20, 2005
Tracked Since Feb 18, 2026