Lumension® Endpoint Intelligence Center



Vulnerability Score 5.1
CVE Id CVE-2005-4474
Last Modified 05 Sep 2008 04:56:58
Published 21 Dec 2005 08:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE.

Vulnerable Systems


  • Rarlab Winrar 3.51


BID - 15999

BUGTRAQ - 20051221 WinRAR - Processing Filename Incorrectly Vulnerability


Last Updated: 27 May 2016 10:41:19