CVE-2007-3726 - Denial-Of-Service vulnerability in Rarlab Unrar 3.70Beta3
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

network
rarlab
Summary
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://osvdb.org/39603
- http://securityreason.com/securityalert/2880
- http://www.securityfocus.com/archive/1/473371/100/0/threaded
- http://www.securityfocus.com/archive/1/473373/100/0/threaded
- http://www.securityfocus.com/archive/1/473376/100/0/threaded
- http://www.securityfocus.com/archive/1/475155/30/5610/threaded