RARLAB WinRAR Directory Traversal Vulnerability
BID:12422
Info
RARLAB WinRAR Directory Traversal Vulnerability
| Bugtraq ID: | 12422 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2005 12:00AM |
| Updated: | Feb 02 2005 12:00AM |
| Credit: | Discovery is credited to Albert Puigsech Galicia <[email protected]>. |
| Vulnerable: |
RARLAB WinRar 3.42 RARLAB WinRar 3.41 RARLAB WinRar 3.40 RARLAB WinRar 3.20 RARLAB WinRar 3.11 RARLAB WinRar 3.10 beta 5 RARLAB WinRar 3.10 beta 3 RARLAB WinRar 3.10 beta 3 RARLAB WinRar 3.10 RARLAB WinRar 3.0 .0 |
| Not Vulnerable: | |
Discussion
RARLAB WinRAR Directory Traversal Vulnerability
WinRAR is prone to a vulnerability that may allow an attacker to create files in arbitrary locations on a vulnerable computer.
This issue arises when a user right clicks on a file and attempts to decompress it.
WinRAR 3.42 and prior versions are reported vulnerable to this issue.
WinRAR is prone to a vulnerability that may allow an attacker to create files in arbitrary locations on a vulnerable computer.
This issue arises when a user right clicks on a file and attempts to decompress it.
WinRAR 3.42 and prior versions are reported vulnerable to this issue.
Exploit / POC
RARLAB WinRAR Directory Traversal Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
RARLAB WinRAR Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
RARLAB WinRAR Directory Traversal Vulnerability
References:
References:
- Vendor Home Page (RARLAB)
- 7a69Adv#21 - WinRAR unpack one-folder path disclosure (Albert Puigsech Galicia