-= Unl0ck Team Security Advisory =- ____ ___ __ _______ __ ___________ | | \____ | | \ _ \ ____ | | __ \__ ___/___ _____ _____ | | / \| | / /_\ \_ / ___\| |/ / | |_/ __ \\__ \ / \ | | / | \ |_\ \_/ \ \___ | < | |\ ___/ / __ \| Y Y \ |______/|___| /____/\_____ /\_____ >__|_ \ |____| \___ >____ /__|_| / \/ \/ \/ \/ \/ \/ \/ ... the best way of protection is attack http://unl0ck.void.ru Advisory : #10 by unl0ck team Product : WinRAR <= 3.41 Vendor : http://rarlabs.com Date : 19.12.2004 Impact : buffer overflow Advisory URL : http://unl0ck.void.ru/papers/adv/vpopmail2.txt -=[ Overview WinRAR best compressor/decompressor all over the World! ]=- -=[ Vulnerability Buffer Overflow vulnerability exist in delete() function in WinRAR. We released some demo exploit. You Can see it in our site in "Exploits" Section. DemoExploit create archive with long filename. Try to open archive, then try to delete file onto archive. ]=- -=[ Credits Found this bug Dark Eagle Unl0ck Team [http://unl0ck.void.ru] ]=-