PT-2005-3885 · Igor Pavlov · 7-Zip

Tan Chew Keong

Published

2005-09-23

Updated

2017-07-11

CVE-2005-3051

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions 7-Zip versions 3.13, 4.23, and 4.26 BETA

Description A stack-based buffer overflow issue exists in the ARJ plugin (arj.dll) version 3.9.2.0 for 7-Zip, which can be exploited by remote attackers to execute arbitrary code via a large ARJ block.

Recommendations For 7-Zip version 3.13, update to a version that includes a fix for the ARJ plugin issue. For 7-Zip version 4.23, update to a version that includes a fix for the ARJ plugin issue. For 7-Zip version 4.26 BETA, update to a version that includes a fix for the ARJ plugin issue. As a temporary workaround, consider disabling the ARJ plugin (arj.dll) until a patch is available.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2005-3051

Affected Products

7-Zip

PT-2005-3885 · Igor Pavlov · 7-Zip

CVE-2005-3051

Weakness Enumeration

Related Identifiers

Affected Products

References · 11