Using WinRAR? Update now to avoid falling victim to this file path flaw
Windows versions of WinRAR need to be updated to avoid a serious flaw that could let hackers run code


Researchers have spotted a serious flaw in file archiving tool WinRAR that could allow hackers to run code on systems.
WinRAR's developer RARLAB has already issued a patch, along with advice to update the software immediately.
Spotted by a researcher working with Trend Micro's Zero Day Initiative, the directory traversal remote code execution (RCE) vulnerability only affected Windows versions of the software.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
This is due to how WinRAR manages file paths in archives, researchers said. Unix and Android versions aren’t affected.
"A crafted file path can cause the process to traverse to unintended directories," Trend Micro's Zero Day Initiative (ZDI) said in an advisory. "An attacker can leverage this vulnerability to execute code in the context of the current user."
The vulnerability was reported by ZDI to RARLAB on June 5th, with the two organizations working on a coordinated advisory release two weeks later.
How the WinRAR flaw works
A RARLAB advisory noted that the flaw could be exploited to cause files to be written outside the intended directory.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"This flaw could be exploited to place files in sensitive locations — such as the Windows Startup folder — potentially leading to unintended code execution on the next system login," the developer's advisory noted.
The ZDI advisory added that hackers would need to trick victims into opening a dodgy file or clicking a malicious link in order to take advantage of the flaw.
"This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR," the advisory added.
"User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."
Update now
RARLAB said anyone using the Windows version of WinRAR should update to newly released version 7.12 to resolve the serious flaw.
"We encourage all users to update their software to the latest version," the advisory noted.
Alongside the file path flaw, the updated version of WinRAR also addressed an HTML injection vulnerability in the "generate report" feature.
"Older versions of WinRAR’s 'Generate Report' feature included archived file names in the generated HTML without sanitization, allowing file names with HTML tags to be injected into the report," the company said.
Beyond the security patches, the latest version also includes improved testing of Recover Volumes to help ensure integrity of backups, and preservation of nanosecond timestamps in Unix file records, alongside other improvements.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole the author of a book about the history of technology, The Long History of the Future.
-
Amazon CEO Andy Jassy doubles down on the company's AI focus
News Amazon CEO Andy Jassy thinks companies need to "lean into" AI and embrace the technology despite concerns over job losses.
-
A major ransomware hosting provider just got hit US with sanctions
News Aeza Group's services were being used for ransomware, infostealers, and disinformation
-
A major ransomware hosting provider just got hit US with sanctions
News Aeza Group's services were being used for ransomware, infostealers, and disinformation
-
Hackers are using PDFs to impersonate big brands like Microsoft and PayPal in a new threat campaign
News Hackers are increasingly using PDF attachments to impersonate major brands in phishing campaigns, according to new research from Cisco Talos.
-
UK firms are 'sleepwalking' into smart building cyber threats
News The convergence of operational technology and IT systems is posing serious risks for property firms.
-
5 Steps to Prioritize Based on Risk with Snyk
-
Beyond the Vulnerability Backlog: Building Risk-Based AppSec Programs
-
Why the Fastest Technology Companies choose Snyk Cheat Sheet
-
6 steps to a stronger security posture through automation
-
IT & Security: The Critical Alliance Against Cyber Threats
Whitepaper Actionable tips for creating a unified defense