• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RARLAB WinRAR File Name Potential Buffer Overflow Vulnerability

A client-side buffer overflow vulnerability has been reported in the file name processing functionality of WinRAR.

A remote attacker may supply malicious files to a user to be compressed by WinRAR to exploit this issue. A remote compromise is also possible if the application employs the same routines for decompression, however, this is entirely conjecture and has not been confirmed.

WinRAR 3.51 is reportedly vulnerable. Other versions may be affected as well.