Description
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
Affected products
- RARLAB / WinRAR3.0.0 – 3.0.0
- RARLAB / WinRAR3.10 – 3.10
- RARLAB / WinRAR3.10_beta3 – 3.10_beta3
- RARLAB / WinRAR3.10_beta5 – 3.10_beta5
- RARLAB / WinRAR3.11 – 3.11
- RARLAB / WinRAR3.20 – 3.20
- RARLAB / WinRAR3.40 – 3.40
- RARLAB / WinRAR3.41 – 3.41
- RARLAB / WinRAR3.42 – 3.42