WinRAR Multiple Unspecified Vulnerabilities

Posted on Thursday, March 20, 2008 @ 01:24:08 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA29407

VERIFY ADVISORY: http://secunia.com/advisories/29407/

CRITICAL: Highly critical

IMPACT: DoS, System access

SOFTWARE: WinRAR 3.x - http://secunia.com/product/890/

DESCRIPTION: Some vulnerabilities have been reported in WinRAR, which can potentially be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused by unspecified errors in the processing of archives and can be exploited to cause heap corruption and stack-based buffer overflows via specially crafted archives. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 3.71.

SOLUTION: Update to version 3.71.

PROVIDED AND/OR DISCOVERED BY: Oulu University Secure Programming Group

ORIGINAL ADVISORY: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

OTHER REFERENCES: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
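
An added example, not part of the advisory or of any vendor tooling: triaging an exported software inventory against the fixed version 3.71 named under SOLUTION. The inventory rows, host names and the version-string handling (a one-digit minor such as "3.8" read as 3.80, pre-release builds of 3.71 counted as prior to 3.71) are assumptions.

```python
import re

FIXED = (3, 71)  # first fixed release according to the advisory

# Constructed sample inventory rows: (host, product, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "WinRAR archiver", "3.70"),
    ("ws-02", "WinRAR archiver", "3.71"),
    ("ws-03", "WinRAR archiver", "3.8"),          # assumed to mean 3.80, not 3.08
    ("ws-04", "WinRAR archiver", "3.71 beta 1"),  # pre-release of the fixed version
    ("ws-05", "WinRAR archiver", "3.62.0"),
    ("ws-06", "7-Zip", "4.57"),                   # other product, ignored
    ("ws-07", "WinRAR archiver", "unknown"),
]

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d{1,2})(?!\d)(?:\.\d+)*\s*(.*)$")

def parse_version(text):
    """Return ((major, minor), is_prerelease), or None if the string is unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    minor = int(m.group(2).ljust(2, "0"))  # "8" -> 80, "71" -> 71
    prerelease = bool(re.search(r"alpha|beta|rc", m.group(3), re.I))
    return (int(m.group(1)), minor), prerelease

def needs_update(text):
    """True: prior to 3.71. False: 3.71 or later. None: review by hand."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    version, prerelease = parsed
    return version < FIXED or (version == FIXED and prerelease)

def triage(inventory):
    """Return (hosts to update, hosts needing manual review) for WinRAR rows."""
    update, review = [], []
    for host, product, version in inventory:
        if "winrar" not in product.lower():
            continue
        verdict = needs_update(version)
        if verdict is None:
            review.append(host)
        elif verdict:
            update.append(host)
    return update, review

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Unparseable version strings are returned for manual review rather than treated as patched.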