Vulnerabilities > CVE-2006-3845 - Buffer Overflow vulnerability in RARLAB WinRAR LHA Filename Handling
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.
Vulnerable Configurations
Exploit-Db
description | RARLAB WinRAR 3.x LHA Filename Handling Buffer Overflow Vulnerability. CVE-2006-3845. Remote exploit for windows platform |
id | EDB-ID:28235 |
last seen | 2016-02-03 |
modified | 2006-07-18 |
published | 2006-07-18 |
reporter | Ryan Smith |
source | https://www.exploit-db.com/download/28235/ |
title | RARLAB WinRAR 3.x LHA Filename Handling Buffer Overflow Vulnerability |
Nessus
NASL family | Windows |
NASL id | WINRAR_360B7.NASL |
description | The remote host is running WinRAR, an archive manager for Windows. The version of WinRAR installed on the remote host is affected by two stack-based buffer overflows when processing LHA files with specially- crafted filenames. Successful exploitation of either issue enables an attacker to execute arbitrary code subject to the privileges of the current user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22072 |
published | 2006-07-19 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22072 |
title | WinRAR LHA Filename Handling Buffer Overflows |
code |
|