Loading
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
Use Rarlab vendor hub and Winrar product page to widen CVE-2005-3262 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-8088, CVE-2025-6218 and CVE-2023-38831 for nearby disclosures in the same product family.