Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-7144

Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

Published

2009-09-01T16:30:00.563

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rarlab	winrar	≤ 3.70	Yes
Application	rarlab	winrar	2.90	Yes
Application	rarlab	winrar	3.0.0	Yes
Application	rarlab	winrar	3.10	Yes
Application	rarlab	winrar	3.10_beta3	Yes
Application	rarlab	winrar	3.10_beta5	Yes
Application	rarlab	winrar	3.11	Yes
Application	rarlab	winrar	3.20	Yes
Application	rarlab	winrar	3.30	Yes
Application	rarlab	winrar	3.40	Yes
Application	rarlab	winrar	3.41	Yes
Application	rarlab	winrar	3.42	Yes
Application	rarlab	winrar	3.50	Yes
Application	rarlab	winrar	3.51	Yes
Application	rarlab	winrar	3.60_beta1	Yes
Application	rarlab	winrar	3.60_beta2	Yes
Application	rarlab	winrar	3.60_beta3	Yes
Application	rarlab	winrar	3.60_beta4	Yes
Application	rarlab	winrar	3.60_beta5	Yes
Application	rarlab	winrar	3.60_beta6	Yes
Application	rarlab	winrar	3.60_beta7	Yes
Application	rarlab	winrar	3.60_beta8	Yes
Application	rarlab	winrar	3.61	Yes
Application	rarlab	winrar	3.62	Yes
Application	rarlab	winrar	3.70_beta1	Yes
Application	rarlab	winrar	3.70_beta2	Yes
Application	rarlab	winrar	3.70_beta3	Yes
Application	rarlab	winrar	3.70_beta4	Yes
Application	rarlab	winrar	3.70_beta5	Yes
Application	rarlab	winrar	3.70_beta6	Yes
Application	rarlab	winrar	3.70_beta7	Yes
Application	rarlab	winrar	3.70_beta8	Yes

References

http://osvdb.org/43439 ([email protected])
http://secunia.com/advisories/29407 Vendor Advisory ([email protected])
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html ([email protected])
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ ([email protected])
http://www.vupen.com/english/advisories/2008/0916/references Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/41251 ([email protected])
http://osvdb.org/43439 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29407 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0916/references Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41251 (af854a3a-2127-422b-91ae-364da2661108)