WinRAR LHA Filename Handling Buffer Overflows

critical Nessus Plugin ID 22072

Synopsis

The remote Windows host has an application that suffers from two buffer overflow vulnerabilities.

Description

The remote host is running WinRAR, an archive manager for Windows.

The version of WinRAR installed on the remote host is affected by two stack-based buffer overflows when processing LHA files with specially crafted filenames. Successful exploitation of either issue enables an attacker to execute arbitrary code subject to the privileges of the current user.

Solution

Upgrade to WinRAR version 3.6.0 beta 7 (3.60.7.0) or later.

See Also

http://www.hustlelabs.com/advisories/04072006_rarlabs.pdf

https://www.rarlab.com/rarnew.htm

Plugin Details

Severity: Critical

ID: 22072

File Name: winrar_360b7.nasl

Version: 1.21

Type: local

Agent: windows

Family: Windows

Published: 7/19/2006

Updated: 8/28/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2006-3845

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 9.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, installed_sw/RARLAB WinRAR

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/18/2006

Vulnerability Publication Date: 7/18/2006

Exploitable With

Core Impact

Reference Information

CVE: CVE-2006-3845

BID: 19043