Ravens PHP Scripts

WinRAR Multiple Unspecified Vulnerabilities
Date: Thursday, March 20, 2008 @ 02:24:08 PDT
Topic: Security


SECUNIA ADVISORY ID: SA29407

VERIFY ADVISORY: http://secunia.com/advisories/29407/

CRITICAL: Highly critical

IMPACT: DoS, System access

SOFTWARE: WinRAR 3.x - http://secunia.com/product/890/

DESCRIPTION: Some vulnerabilities have been reported in WinRAR, which can potentially be exploited by malicious people to compromise a vulnerable system.



The vulnerabilities are caused due to unspecified errors in the processing of archives and can be exploited to cause heap corruptions and stack-based buffer overflows via specially crafted archives. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 3.71.

SOLUTION: Update to version 3.71.

PROVIDED AND/OR DISCOVERED BY: Oulu University Secure Programming Group

ORIGINAL ADVISORY: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

OTHER REFERENCES: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3276