Vulnerabilities > Rarlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-12 | CVE-2007-3726 | Denial-Of-Service vulnerability in Rarlab Unrar 3.70Beta3 Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. network rarlab | 4.3 |
| 2007-02-08 | CVE-2007-0855 | Buffer Overflow vulnerability in Rarlab Unrar 3.60/3.61 Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive. network rarlab | 6.8 |
| 2006-07-28 | CVE-2006-3912 | Buffer Errors vulnerability in Rarlab Winrar 3.60Beta8 Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. | 2.1 |
| 2006-07-25 | CVE-2006-3845 | Buffer Overflow vulnerability in RARLAB WinRAR LHA Filename Handling Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive. | 9.3 |
| 2005-12-31 | CVE-2005-4620 | Buffer Overflow vulnerability in RARLAB WinRAR Command Line Processing Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. | 4.6 |
| 2005-12-22 | CVE-2005-4474 | Buffer Overflow vulnerability in Rarlab Winrar 3.51 Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. | 5.1 |
| 2005-10-20 | CVE-2005-3263 | Remote vulnerability in RARLAB WinRAR Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name. | 7.5 |
| 2005-10-20 | CVE-2005-3262 | Remote vulnerability in RARLAB WinRAR Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename. | 7.5 |
| 2005-05-02 | CVE-2005-0331 | Directory Traversal vulnerability in RARLAB WinRAR Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... | 2.6 |
| 2005-01-10 | CVE-2004-1254 | Remote Security vulnerability in WinRar WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. | 10.0 |