Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in WinRAR, which can be exploited by malicious people to compromise a user's system.
261971cc390f0be498350656d91664e1b6b7b58dc9e974ceb40de472ee5d4cae
TITLE:
WinRAR Format String and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA16973
VERIFY ADVISORY:
http://secunia.com/advisories/16973/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
WinRAR 3.x
http://secunia.com/product/890/
DESCRIPTION:
Secunia Research has discovered two vulnerabilities in WinRAR, which
can be exploited by malicious people to compromise a user's system.
1) A format string error exists when displaying a diagnostic error
message that informs the user of an invalid filename in an UUE/XXE
encoded file. This can be exploited to execute arbitrary code when a
malicious UUE/XXE file is decoded.
2) A boundary error in UNACEV2.DLL can be exploited to cause a
stack-based buffer overflow. This allows arbitrary code execution
when a malicious ACE archive containing a file with an overly long
file name is extracted.
Vulnerability #2 is related to:
SA14359
The vulnerabilities have been confirmed in version 3.50. Prior
versions may also be affected.
SOLUTION:
Update to version 3.51.
http://www.rarlabs.com/download.htm
PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research.
ORIGINAL ADVISORY:
RARLAB:
http://www.rarlabs.com/rarnew.htm
Secunia Research:
http://secunia.com/secunia_research/2005-53/advisory/
OTHER REFERENCES:
SA14359:
http://secunia.com/advisories/14359/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------