PT-2005-4075 · Winrar · Winrar

Published: 2005-10-20 · Updated: 2008-09-10 · CVE-2005-3262

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WinRAR versions 2.90 through 3.50

Description

The issue allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file. This occurs because WinRAR does not properly handle format string specifiers when displaying diagnostic errors related to an invalid filename.

Recommendations

For versions 2.90 through 3.50, update to a version outside of this range to mitigate the risk of exploitation. As a temporary workaround, consider avoiding the use of UUE/XXE files until a patch is available. Restrict access to potentially malicious files to minimize the risk of exploitation.
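
A pre-screening check in the spirit of the workaround above, as an added example (not part of the original advisory and not WinRAR or vendor code): it flags UUE/XXE files whose header filename contains printf-style conversion specifiers. It assumes the filename in question is the one on the "begin <mode> <name>" header line, which the advisory does not state; the function name and the sample inputs are constructed for illustration.

```python
import re

# Assumption (not stated in the advisory): the filename that reaches the
# diagnostic message is the one on the "begin <mode> <name>" header line.
BEGIN_RE = re.compile(r"^begin\s+([0-7]{3,4})\s+(.+?)\s*$")

# A printf-style conversion: '%', optional positional argument, flags,
# width, precision and length modifier, then a conversion letter.
SPEC_RE = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGaAcspn]"
)


def suspicious_begin_names(data: bytes):
    """Return (line_number, filename) for header lines whose name holds a conversion."""
    hits = []
    for lineno, raw in enumerate(data.splitlines(), start=1):
        line = raw.decode("latin-1")  # byte-preserving, never raises
        match = BEGIN_RE.match(line)
        if not match:
            continue  # only header lines are inspected, never encoded data
        name = match.group(2)
        # "%%" is a literal percent sign, so drop it before searching.
        if SPEC_RE.search(name.replace("%%", "")):
            hits.append((lineno, name))
    return hits


# Constructed sample inputs (not taken from any real file).
BENIGN = b"begin 644 report.txt\n#0V%T\n`\nend\n"
SUSPECT = b"begin 644 a%x%x%s.txt\n#0V%T\n`\nend\n"

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, suspicious_begin_names(blob))
```

A hit means the file should be quarantined or opened only with a version outside the affected range; a clean result does not prove the file is safe.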


Related Identifiers

CVE-2005-3262

Affected Products

Winrar