Vulnerabilities > Rarlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-12 | CVE-2007-3726 | Denial-Of-Service vulnerability in Rarlab Unrar 3.70Beta3 Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. network rarlab | 4.3 |
| 2007-02-08 | CVE-2007-0855 | Buffer Overflow vulnerability in Rarlab Unrar 3.60/3.61 Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive. network rarlab | 6.8 |
| 2005-12-31 | CVE-2005-4620 | Buffer Overflow vulnerability in RARLAB WinRAR Command Line Processing Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. | 4.6 |
| 2005-12-22 | CVE-2005-4474 | Buffer Overflow vulnerability in Rarlab Winrar 3.51 Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. | 5.1 |
| 2004-08-18 | CVE-2004-0235 | Buffer Overflow/Directory Traversal vulnerability in Multiple LHA Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. | 6.4 |
| 2003-12-31 | CVE-2003-1445 | Buffer Errors vulnerability in Rarlab FAR Manager 1.65/1.70Beta1/1.70Beta4 Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname. | 4.6 |