| Secunia Advisory: | SA29407 | |
| Release Date: | 2008-03-19 | |
| Critical: |  Highly critical | |
| Impact: | DoS System access | |
| Where: | From remote | |
| Solution Status: | Vendor Patch | |
| Software: | WinRAR 3.x | |
:
Some vulnerabilities have been reported in WinRAR, which can potentially be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to unspecified errors in the processing of archives and can be exploited to cause heap corruptions and stack-based buffer overflows via specially crafted archives.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 3.71.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to version 3.71.
Provided and/or discovered by:
Oulu University Secure Programming Group
Original Advisory:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
Other References:
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
留言列表
