WinRAR.LHA.Filename.Handling.Buffer.Overflow

description-logoDescription

There exists a Stack-based buffer overflow in the lzh.fmt in WinRAR 3.00 through 3.60 beta 6. A succesfull exploit would allow remote attackers to execute arbitrary code via a long filename in a LHA archive.

affected-products-logoAffected Products

WinRAR 3.00 - 3.60 beta 6.

Impact logoImpact

System compromise.

recomended-action-logoRecommended Actions

The vendor has released version 3.60 beta 7 to address this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)