Bug in File Archiving Tool WinRAR Let Crafted Archives Write Files Outside Their Folder During Extraction
- WinRAR flaw allowed crafted archives to drop files outside the target folder, including into Windows Startup
- New version 7.12 fixes critical path and HTML vulnerabilities
- Windows users urged to update WinRAR for improved file safety
Iconic file archiving tool WinRAR has received a security update for a serious flaw that lets attackers execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2025-6218, lies in the way WinRAR handles file paths in archives.
It was discovered by a researcher known as whs3-detonator, working with Trend Micro's Zero Day Initiative.
Patch now
The problem exists in Windows versions of WinRAR, where a specially crafted archive can exploit the flaw during file extraction.
If a user opens such a file or visits a malicious site, the exploit can allow files to be placed in unintended folders, including sensitive ones such as the Windows Startup folder.
This can cause malicious software to be executed automatically when the system starts.
RARLAB, the developer of WinRAR, has released version 7.12 to address this flaw.
The vulnerability does not affect versions of RAR or UnRAR for Unix or Android. Users are encouraged to update as quickly as possible to reduce the risk of exploitation.
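A general directory traversal check for the kind of problem described above, as an added example that is not WinRAR's code or part of the original article: it resolves each archive entry name with Windows path rules and reports entries that would land outside the extraction folder. The folder, user name and entry names are constructed samples, and since the article does not give the exact path trick behind CVE-2025-6218, this covers only the generic cases.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample values (assumptions, not taken from the article).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_NAMES = [
    "docs/readme.txt",
    r"docs\..\notes.txt",
    "../sibling.txt",
    r"C:\Windows\Temp\x.dll",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.bat",
]
STARTUP = ntpath.normcase(r"\Start Menu\Programs\Startup") + "\\"

def resolve_entry(dest, name):
    """Absolute, normalized path an entry would be written to on Windows."""
    # join() lets an absolute or other-drive name override dest, which is
    # exactly the case an extractor has to reject; normpath() folds "..".
    return ntpath.normcase(ntpath.normpath(ntpath.join(dest, name)))

def audit_entry(dest, name):
    """Return 'ok', 'escapes' or 'escapes-to-startup' for one entry name."""
    root = ntpath.normcase(ntpath.normpath(dest))
    # Trailing separator so C:\out2 is not treated as inside C:\out.
    prefix = root if root.endswith("\\") else root + "\\"
    target = resolve_entry(dest, name)
    if target == root or target.startswith(prefix):
        return "ok"
    return "escapes-to-startup" if STARTUP in target else "escapes"

def audit(dest, names):
    """List (name, verdict) for every entry that would leave dest."""
    verdicts = ((n, audit_entry(dest, n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]

if __name__ == "__main__":
    for name, verdict in audit(DEST, SAMPLE_NAMES):
        print(f"{verdict:20} {name}")
```

The same check can be run over the name list of an archive before extraction, for instance the output of `zipfile.ZipFile.namelist()` for ZIP files.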
To remain protected against such threats, it is important to use the best antivirus software, trustworthy malware removal tools, and strong endpoint protection. Even well-known tools can have flaws, so running trusted security software and keeping all apps up to date helps reduce the risk that malware slips through unnoticed.
The new WinRAR update also resolves an unrelated problem with the "Generate report" function. In older versions, file names in generated HTML reports were not correctly sanitized, which made basic HTML injection possible. That has now been corrected.
In addition to the security fixes, WinRAR 7.12 now tests recovery volumes when testing archives, which gives users better confirmation that backup files are intact. It also preserves precise nanosecond timestamps when changing Unix files on Windows.