CVE-2006-3845

WinRAR 3.00-3.60 beta 6 - Stack-based Buffer Overflow via Long Filename in LHA Archive

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3845. PoCs published by Ryan Smith.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in WinRAR versions 3.0 to 3.60 beta 6. It crafts a malicious LHA archive to execute arbitrary shellcode, leveraging a lack of bounds checking in user-supplied input.

Description

Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ryan Smith · c · remote · windows
https://www.exploit-db.com/exploits/28235

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WinRAR 3.0 to 3.60 beta 6
No auth needed
Prerequisites: Victim must open the malicious LHA archive with a vulnerable version of WinRAR
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21080
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19043
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27815
Various Sources x_refsource_confirm
http://www.rarlabs.com/rarnew.htm
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2867
Exploit, Vendor Advisory x_refsource_misc
http://hustlelabs.com/advisories/04072006_rarlabs.pdf

Scores

EPSS 0.0773
EPSS Percentile 93.9%

Details

Status published
Products (18)
rarlab/winrar 3.0.0
rarlab/winrar 3.10
rarlab/winrar 3.10_beta3
rarlab/winrar 3.10_beta5
rarlab/winrar 3.11
rarlab/winrar 3.20
rarlab/winrar 3.30
rarlab/winrar 3.40
rarlab/winrar 3.41
rarlab/winrar 3.42
... and 8 more
Published Jul 25, 2006
Tracked Since Feb 18, 2026