Description
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
Affected products
- RARLAB / WinRAR 2.90 – 2.90
- RARLAB / WinRAR 3.0.0 – 3.0.0
- RARLAB / WinRAR 3.10 – 3.10
- RARLAB / WinRAR 3.10_beta3 – 3.10_beta3
- RARLAB / WinRAR 3.10_beta5 – 3.10_beta5
- RARLAB / WinRAR 3.11 – 3.11
- RARLAB / WinRAR 3.20 – 3.20
- RARLAB / WinRAR 3.40 – 3.40
- RARLAB / WinRAR 3.41 – 3.41
- RARLAB / WinRAR 3.42 – 3.42
- RARLAB / WinRAR 3.50 – 3.50