Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
Software | From | Fixed in |
---|---|---|
rarlab / winrar | 3.0.0 | 3.0.0.x |
rarlab / winrar | 3.10 | 3.10.x |
rarlab / winrar | 3.10_beta3 | 3.10_beta3.x |
rarlab / winrar | 3.10_beta5 | 3.10_beta5.x |
rarlab / winrar | 3.11 | 3.11.x |
rarlab / winrar | 3.20 | 3.20.x |
rarlab / winrar | 3.40 | 3.40.x |
rarlab / winrar | 3.41 | 3.41.x |
rarlab / winrar | 3.42 | 3.42.x |