CVE-2004-1254

Description

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.

Affected products

• RARLAB / WinRAR3.0.0 – 3.0.0
• RARLAB / WinRAR3.10 – 3.10
• RARLAB / WinRAR3.10_beta3 – 3.10_beta3
• RARLAB / WinRAR3.10_beta5 – 3.10_beta5
• RARLAB / WinRAR3.11 – 3.11
• RARLAB / WinRAR3.20 – 3.20
• RARLAB / WinRAR3.40 – 3.40
• RARLAB / WinRAR3.41 – 3.41

References

• MISChttp://www.frsirt.com/exploits/20041217.Winrar.c.php
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18569