CVE-2005-4474

Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rarlab:winrar:3.51:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-12-22 01:03

Updated : 2024-02-28 10:42


NVD link : CVE-2005-4474

Mitre link : CVE-2005-4474

CVE.ORG link : CVE-2005-4474


JSON object : View

Products Affected

rarlab

  • winrar