PT-2005-5157 · Rarlab+1 · Winrar

Agoanywhere · Published 2005-12-21 · Updated 2018-10-19 · CVE-2005-4474

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WinRAR version 3.51

Description

A buffer overflow issue exists in the "Add to archive" command, potentially allowing attackers to cause a denial of service (crash) and possibly execute arbitrary code. This can be achieved by tricking the user into adding a file with a filename containing non-default code page and non-ANSI characters. The issue may be related to buffer expansion when using the WideCharToMultiByte API.

Recommendations

For WinRAR version 3.51, consider avoiding the use of filenames with non-default code page and non-ANSI characters in the "Add to archive" command until a fix is available. As a temporary workaround, restrict the use of the "Add to archive" command with files having special characters in their filenames to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
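
The buffer-expansion pitfall the description points to, as an added example (not WinRAR's code and not the Windows API itself): a portable C stand-in for a wide-to-multibyte conversion, here UTF-16 to UTF-8, that computes the required size first and writes only when the destination is large enough. The names `wide_to_utf8` and `SAMPLE` are hypothetical, and the sample filename is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a Cyrillic filename plus ".txt" as 8 UTF-16 code units. */
static const uint16_t SAMPLE[] = {0x0444, 0x0430, 0x0439, 0x043B, '.', 't', 'x', 't'};

/* Hypothetical stand-in for a wide-to-multibyte conversion (UTF-16 to UTF-8).
 * Returns the bytes required including the terminating NUL. Writes to dst
 * only when the whole result fits in cap; otherwise dst is left untouched. */
size_t wide_to_utf8(const uint16_t *src, size_t n, char *dst, size_t cap)
{
    static const unsigned char lead[] = {0, 0x00, 0xC0, 0xE0, 0xF0};
    size_t need = 1, o = 0;
    for (int pass = 0; pass < 2; pass++) {
        for (size_t i = 0; i < n; i++) {
            uint32_t cp = src[i];
            if (cp >= 0xD800 && cp <= 0xDBFF && i + 1 < n &&
                src[i + 1] >= 0xDC00 && src[i + 1] <= 0xDFFF) {
                cp = 0x10000 + ((cp - 0xD800) << 10) + (src[i + 1] - 0xDC00);
                i++;                          /* consumed a surrogate pair */
            } else if (cp >= 0xD800 && cp <= 0xDFFF) {
                cp = 0xFFFD;                  /* unpaired surrogate */
            }
            size_t k = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
            if (pass == 0) { need += k; continue; }   /* sizing pass only */
            for (size_t j = k; j-- > 1; cp >>= 6)     /* continuation bytes */
                dst[o + j] = (char)(0x80 | (cp & 0x3F));
            dst[o] = (char)(lead[k] | cp);            /* lead byte */
            o += k;
        }
        if (pass == 0 && (dst == NULL || need > cap)) return need;
    }
    dst[o] = '\0';
    return need;
}

int main(void)
{
    char by_count[8 + 1];   /* sized by character count: the flawed assumption */
    size_t need = wide_to_utf8(SAMPLE, 8, by_count, sizeof by_count);
    printf("units=8 need=%zu fits=%s\n", need, need <= sizeof by_count ? "yes" : "no");
    char ok[32];            /* large enough for the converted name */
    wide_to_utf8(SAMPLE, 8, ok, sizeof ok);
    printf("converted length=%zu\n", strlen(ok));
    return 0;
}
```

A destination sized as one byte per wide character is too small as soon as the name contains characters outside ASCII, which is why the size is computed before any byte is written.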

Related identifiers

CVE-2005-4474

Affected products

Winrar