1. Another directory traversal vulnerability, differing from that
in WinRAR 7.12, has been fixed.
When extracting a file, previous versions of WinRAR, Windows versions
of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked
into using a path, defined in a specially crafted archive,
instead of user specified path.
Unix versions of RAR, UnRAR, portable UnRAR source code
and UnRAR library, also as RAR for Android, are not affected.
We are thankful to Anton Cherepanov, Peter Kosinar, and Peter Strycek
from ESET for letting us know about this security issue.
2. Bugs fixed:
a) WinRAR 7.12 "Import settings from file" command failed to restore
settings, saved by WinRAR versions preceding 7.12;
b) WinRAR 7.12 set a larger than specified recovery size for compression
profiles, created by WinRAR 5.21 and older.
Télécharger rapidement votre 40 jours version d'essai gratuite de RAR ou WinRAR!
Télécharger le trial Disclaimer