Lucene search
MitreCVE-2005-3262HistoryOct 20, 2005 - 10:02 a.m.
CVE-2005-3262
2005-10-2010:02:00
mitre
web.nvd.nist.gov
30
cve-2005-3262
format string vulnerability
rarlab winrar
remote code execution
uue
xxe
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.1
Confidence
Low
EPSS
0.085
Percentile
94.6%
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
Affected configurations
Node
rarlabwinrarMatch2.90
ORrarlabwinrarMatch3.0.0
ORrarlabwinrarMatch3.10
ORrarlabwinrarMatch3.10_beta3
ORrarlabwinrarMatch3.10_beta5
ORrarlabwinrarMatch3.11
ORrarlabwinrarMatch3.20
ORrarlabwinrarMatch3.40
ORrarlabwinrarMatch3.41
ORrarlabwinrarMatch3.42
ORrarlabwinrarMatch3.50
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rarlab | winrar | 2.90 | cpe:2.3:a:rarlab:winrar:2.90:*:*:*:*:*:*:* |
| rarlab | winrar | 3.0.0 | cpe:2.3:a:rarlab:winrar:3.0.0:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10 | cpe:2.3:a:rarlab:winrar:3.10:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10_beta3 | cpe:2.3:a:rarlab:winrar:3.10_beta3:*:*:*:*:*:*:* |
| rarlab | winrar | 3.10_beta5 | cpe:2.3:a:rarlab:winrar:3.10_beta5:*:*:*:*:*:*:* |
| rarlab | winrar | 3.11 | cpe:2.3:a:rarlab:winrar:3.11:*:*:*:*:*:*:* |
| rarlab | winrar | 3.20 | cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:* |
| rarlab | winrar | 3.40 | cpe:2.3:a:rarlab:winrar:3.40:*:*:*:*:*:*:* |
| rarlab | winrar | 3.41 | cpe:2.3:a:rarlab:winrar:3.41:*:*:*:*:*:*:* |
| rarlab | winrar | 3.42 | cpe:2.3:a:rarlab:winrar:3.42:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
cvelist
cvelist
CVE-2005-3262
2005-10-20 04:00:00
nvd
nvd
CVE-2005-3262
2005-10-20 10:02:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.1
Confidence
Low
EPSS
0.085
Percentile
94.6%
Related for CVE-2005-3262