5.1
CVE-2005-4474
- EPSS 2.05%
- Veröffentlicht 22.12.2005 01:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.05% | 0.787 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
http://securityreason.com/securityalert/290
http://www.securityfocus.com/archive/1/420006/100/0/threaded
http://www.securityfocus.com/bid/15999