CVE-2005-3262 Information

Description

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

Reference

http://secunia.com/advisories/16973/ http://secunia.com/secunia_research/2005-53/advisory/ http://www.rarlabs.com/rarnew.htm http://www.securityfocus.com/bid/15062