Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7144

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-7144
Last Modified 03 Sep 2009 12:00:00
Published 01 Sep 2009 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7144

Summary

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

Vulnerable Systems

Application

  • Rarlab Winrar 2.90

  • Rarlab Winrar 3.0.0

  • Rarlab Winrar 3.10

  • Rarlab Winrar 3.10 Beta3

  • Rarlab Winrar 3.10 Beta5

  • Rarlab Winrar 3.11

  • Rarlab Winrar 3.20

  • Rarlab Winrar 3.30

  • Rarlab Winrar 3.40

  • Rarlab Winrar 3.41

  • Rarlab Winrar 3.42

  • Rarlab Winrar 3.50

  • Rarlab Winrar 3.51

  • Rarlab Winrar 3.60 Beta1

  • Rarlab Winrar 3.60 Beta2

  • Rarlab Winrar 3.60 Beta3

  • Rarlab Winrar 3.60 Beta4

  • Rarlab Winrar 3.60 Beta5

  • Rarlab Winrar 3.60 Beta6

  • Rarlab Winrar 3.60 Beta7

  • Rarlab Winrar 3.60 Beta8

  • Rarlab Winrar 3.61

  • Rarlab Winrar 3.62

  • Rarlab Winrar 3.70

  • Rarlab Winrar 3.70 Beta1

  • Rarlab Winrar 3.70 Beta2

  • Rarlab Winrar 3.70 Beta3

  • Rarlab Winrar 3.70 Beta4

  • Rarlab Winrar 3.70 Beta5

  • Rarlab Winrar 3.70 Beta6

  • Rarlab Winrar 3.70 Beta7

  • Rarlab Winrar 3.70 Beta8


References

VUPEN - ADV-2008-0916

XF - winrar-archives-code-execution(41251)

MISC - http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

MISC - http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

SECUNIA - 29407

OSVDB - 43439


Last Updated: 27 May 2016 10:49:28