Intrusion Prevention

WinRAR.Filename.Spoofing

Description

This indicates an attack attempt to exploit a Filename Spoofing vulnerability in RARLAB WinRAR.
The vulnerability is due to an error when the vulnerable software handles a malformed ZIP file. A remote attacker can exploit this to bypass security checks of vulnerable systems and lead to the user opening a malicious executable file.

Affected Products

RARLAB WinRAR 3.80
RARLAB WinRAR 4.20
RARLAB WinRAR 5.01

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.rarlabs.com/vuln_zip_spoofing_4.20.html