FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0855

This CVE name corresponds to:

Entered Topic
2007-02-17 rar -- password prompt buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-0855
Phase Assigned (20070208)

Description

Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.

References

Source Reference
IDEFENSE 20070207 RARLabs Unrar Password Prompt Buffer Overflow Vulnerability
GENTOO GLSA-200702-04
SUSE SUSE-SR:2007:005
BID 22447
VUPEN ADV-2007-0523
OSVDB 33124
SECTRACK 1017593
SECUNIA 24077
SECUNIA 24165
XF unrar-password-archive-bo(32357)