CVE-2005-0331

Description

Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.

Affected products

• RARLAB / WinRAR3.0.0 – 3.0.0
• RARLAB / WinRAR3.10 – 3.10
• RARLAB / WinRAR3.10_beta3 – 3.10_beta3
• RARLAB / WinRAR3.10_beta5 – 3.10_beta5
• RARLAB / WinRAR3.11 – 3.11
• RARLAB / WinRAR3.20 – 3.20
• RARLAB / WinRAR3.40 – 3.40
• RARLAB / WinRAR3.41 – 3.41
• RARLAB / WinRAR3.42 – 3.42

References

• MISChttp://www.securityfocus.com/bid/12422
• MAILING_LISThttp://marc.info/?l=bugtraq&m=110737609604210&w=2
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/20585