Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0331

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2005-0331
Last Modified 05 Sep 2008 04:45:58
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-0331

Summary

Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.

Vulnerable Systems

Application

  • Rarlab Winrar 3.0.0

  • Rarlab Winrar 3.10

  • Rarlab Winrar 3.10 Beta3

  • Rarlab Winrar 3.10 Beta5

  • Rarlab Winrar 3.11

  • Rarlab Winrar 3.20

  • Rarlab Winrar 3.40

  • Rarlab Winrar 3.41

  • Rarlab Winrar 3.42


References

XF - winrar-dotdotdotdirectory-traversal(20585)

BID - 12422

BUGTRAQ - 20050202 7a69Adv#21 - WinRAR unpack one-folder path disclosure


Last Updated: 27 May 2016 10:39:46