RARLabs UnRAR Password Prompt Buffer Overflow Vulnerability
Secunia Advisory: SA24077 Release Date: 2007-02-08
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: RAR 3.x ; WinRAR 3.x
A vulnerability has been reported in RARLabs UnRAR, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when processing password-protected archives using the UnRAR command line utility. This can be exploited to cause a stack-based buffer overflow via a specially crafted password-protected archive.
Successful exploitation requires that the user is e.g. tricked into opening a password-protected archive and respond to the password prompt.
The vulnerability is reported in version 3.60 for Linux and 3.61 for Windows. Other versions may also be affected.
Solution: The vendor has issued version 3.70 beta release.
Provided and/or discovered by: Discovered by an anonymous person and reported via iDefense Labs.
Original Advisory: http://labs.idefense.com/intelligenc...lay.php?id=472