| VID |
28160 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The WinRAR has a buffer overflow vulnerability which exists in versions prior to 3.60.7.0. WinRAR is an archive that can build and extract archive files. WinRAR versions prior to 3.60.7.0 are vulnerable to a stack-based buffer overflow vulnerability, caused by improper bounds checking of file and directory names when processing LHA archives. By creating a malicious LHA archive containing an overly long file name, a remote attacker could overflow a buffer and execute arbitrary code on the affected system, once the malicious LHA file is extracted.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.frsirt.com/english/advisories/2006/2867
http://secunia.com/advisories/21080/
http://www.hustlelabs.com/advisories/04072006_rarlabs.pdf
* Platforms Affected:
Eugene Roshal (win.rar GmbH Ltd.), WinRAR versions prior to 3.60.7.0
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of WinRAR (3.6.0 beta 7(3.60.7.0) or later), available from the WinRAR Download Web site at http://www.rarlab.com/download.htm |
| Related URL |
CVE-2006-3845 (CVE) |
| Related URL |
19043 (SecurityFocus) |
| Related URL |
27815 (ISS) |
|
