CVE-2005-4620
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2005
Last modified:
03/04/2025
Description
Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:rarlab:winrar:2.90:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.10_beta3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.10_beta5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.40:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.41:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.42:*:*:*:*:*:*:* | ||
| cpe:2.3:a:rarlab:winrar:3.50:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.rarlab.com/rarnew.htm
- http://www.securityfocus.com/archive/1/420679/100/0/threaded
- http://www.securityfocus.com/bid/15123
- http://www.securityfocus.com/data/vulnerabilities/exploits/0xletzdance.c
- http://www.rarlab.com/rarnew.htm
- http://www.securityfocus.com/archive/1/420679/100/0/threaded
- http://www.securityfocus.com/bid/15123
- http://www.securityfocus.com/data/vulnerabilities/exploits/0xletzdance.c