Vulnerability Description
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
CVSS Score
2.6
LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rarlab | Winrar | 3.0.0 |
References
- http://marc.info/?l=bugtraq&m=110737609604210&w=2
- http://www.securityfocus.com/bid/12422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20585
- http://marc.info/?l=bugtraq&m=110737609604210&w=2
- http://www.securityfocus.com/bid/12422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20585
FAQ
What is CVE-2005-0331?
CVE-2005-0331 is a vulnerability with a CVSS score of 2.6 (LOW). Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filena...
How severe is CVE-2005-0331?
CVE-2005-0331 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0331?
Check the references section above for vendor advisories and patch information. Affected products include: Rarlab Winrar.