CVE-2005-3262

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.

Date published : 2005-10-20

http://www.securityfocus.com/bid/15062

http://www.rarlabs.com/rarnew.htm