Lucene search
MitreCVE-2004-1254HistoryJan 10, 2005 - 5:00 a.m.
CVE-2004-1254
2005-01-1005:00:00
mitre
web.nvd.nist.gov
29
winrar
vulnerability
remote code execution
zip file
long filename
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
8.6
Confidence
High
EPSS
0.027
Percentile
90.6%
WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.
Affected configurations
Node
rarlabwinrarMatch3.0.0
ORrarlabwinrarMatch3.10
ORrarlabwinrarMatch3.10_beta3
ORrarlabwinrarMatch3.10_beta5
ORrarlabwinrarMatch3.11
ORrarlabwinrarMatch3.20
ORrarlabwinrarMatch3.40
ORrarlabwinrarMatch3.41
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rarlab | winrar | 3.0.0 | cpe:2.3:a:rarlab:winrar:3.0.0:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10 | cpe:2.3:a:rarlab:winrar:3.10:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10_beta3 | cpe:2.3:a:rarlab:winrar:3.10_beta3:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10_beta5 | cpe:2.3:a:rarlab:winrar:3.10_beta5:*:*:*:*:*:*:* |
| rarlab | winrar | 3.11 | cpe:2.3:a:rarlab:winrar:3.11:*:*:*:*:*:*:* |
| rarlab | winrar | 3.20 | cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:* |
| rarlab | winrar | 3.40 | cpe:2.3:a:rarlab:winrar:3.40:*:*:*:*:*:*:* |
| rarlab | winrar | 3.41 | cpe:2.3:a:rarlab:winrar:3.41:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2004-1254
2005-01-10 05:00:00
exploitdb
exploitdb
WinRAR 3.4.1 - Corrupt '.ZIP' File
2004-12-16 00:00:00
cvelist
cvelist
CVE-2004-1254
2004-12-22 05:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
8.6
Confidence
High
EPSS
0.027
Percentile
90.6%
Related for CVE-2004-1254