VYPR
Unrated severityNVD Advisory· Published Oct 20, 2005· Updated Jun 16, 2026

CVE-2005-3262

CVE-2005-3262

Description

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Rarlab/Winrar12 versions
    cpe:2.3:a:rarlab:winrar:2.90:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:rarlab:winrar:2.90:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.10_beta3:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.10_beta5:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.20:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.40:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.41:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.42:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:winrar:3.50:*:*:*:*:*:*:*
    • (no CPE)range: >=2.90 <=3.50

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.