Vulnerability Details CVE-2005-3263
Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0266.html
- http://secunia.com/advisories/16973/
- http://secunia.com/secunia_research/2005-53/advisory/
- http://www.osvdb.org/19915
- http://www.rarlabs.com/rarnew.htm
- http://www.securityfocus.com/bid/15062
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0266.html
- http://secunia.com/advisories/16973/
- http://secunia.com/secunia_research/2005-53/advisory/
- http://www.osvdb.org/19915
- http://www.rarlabs.com/rarnew.htm
- http://www.securityfocus.com/bid/15062
Products affected by CVE-2005-3263
-
cpe:2.3:a:rarlab:winrar:2.90
-
cpe:2.3:a:rarlab:winrar:3.0.0
-
cpe:2.3:a:rarlab:winrar:3.10
-
cpe:2.3:a:rarlab:winrar:3.10_beta3
-
cpe:2.3:a:rarlab:winrar:3.10_beta5
-
cpe:2.3:a:rarlab:winrar:3.11
-
cpe:2.3:a:rarlab:winrar:3.20
-
cpe:2.3:a:rarlab:winrar:3.40
-
cpe:2.3:a:rarlab:winrar:3.41
-
cpe:2.3:a:rarlab:winrar:3.42
-
cpe:2.3:a:rarlab:winrar:3.50