Details at arstechnica:
"The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code libr...
For further actions, you may consider blocking this person and/or reporting abuse
And it wasn’t noticed earlier because it only affects people who bought WinRAR? ;-)
19-year old bug.
Researchers who found it, and how: research.checkpoint.com/extracting...
Wow! That's a really detailed explanation!