Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WinRAR文件名处理溢出漏洞
Vulnerability Description
WinRAR是一款非常流行的压缩/解压工具。 WinRAR在处理畸形文件名时存在缓冲区溢出漏洞,攻击者可能利用此漏洞在客户机上执行任意指令。在通过鼠标右键的""Add to archive""命令创建压缩文件时,如果所要压缩文件的文件名中包含有非默认代码页和非ANSI字符的话,就会导致缓冲区溢出,攻击者可以利用这个漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A