CVE-2005-3263

Description

Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name.

Affected products

• RARLAB / WinRAR2.90 – 2.90
• RARLAB / WinRAR3.0.0 – 3.0.0
• RARLAB / WinRAR3.10 – 3.10
• RARLAB / WinRAR3.10_beta3 – 3.10_beta3
• RARLAB / WinRAR3.10_beta5 – 3.10_beta5
• RARLAB / WinRAR3.11 – 3.11
• RARLAB / WinRAR3.20 – 3.20
• RARLAB / WinRAR3.40 – 3.40
• RARLAB / WinRAR3.41 – 3.41
• RARLAB / WinRAR3.42 – 3.42
• RARLAB / WinRAR3.50 – 3.50

References

• MISChttp://www.securityfocus.com/bid/15062
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2005-10/0266.html
• MISChttp://www.osvdb.org/19915
• VENDOR_ADVISORYhttp://secunia.com/advisories/16973/
• MISChttp://www.rarlabs.com/rarnew.htm
• MISChttp://secunia.com/secunia_research/2005-53/advisory/