Details at arstechnica:
"The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing, rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits."
Latest comments (3)
19-year old bug.
Researchers who found it, and how: research.checkpoint.com/extracting...
Wow! That's a really detailed explanation!
And it wasn’t noticed earlier because it only affects people who bought WinRAR? ;-)