=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN496
_____________________________________________________________________

DATE                : 11/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WinRAR versions prior to 7.13.

=====================================================================
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
_____________________________________________________________________

WinRAR 7.13 Final released
Release date: 30.07.2025

    Another directory traversal vulnerability, differing from that
in WinRAR 7.12, has been fixed.
     
    When extracting a file, previous versions of WinRAR, Windows
versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can
be tricked into using a path, defined in a specially crafted archive,
instead of the user-specified path.
     
    Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR
library, as well as RAR for Android, are not affected.
     
    We are thankful to Anton Cherepanov, Peter Kosinar, and Peter
Strycek from ESET for letting us know about this security issue.
     
    Bugs fixed:
     
        WinRAR 7.12 "Import settings from file" command failed to restore
settings, saved by WinRAR versions preceding 7.12;
         
        WinRAR 7.12 set a larger than specified recovery size for
compression profiles, created by WinRAR 5.21 and older.
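
The class of flaw described in the release note, seen from the defender's side, as an added example that is not code from WinRAR or CERT-Renater: a Python check that every archive entry name, resolved under Windows path rules, stays inside the user-specified extraction directory. It does not reproduce the specific flaw fixed in 7.13, whose details the note does not give; the function names, destination path and entry names are constructed for illustration.

```python
import ntpath  # Windows path rules; pure string logic, so it runs on any OS

def resolve_entry(dest, entry_name):
    """Return the Windows path an entry would land on, or None if it leaves dest."""
    dest_cmp = ntpath.normcase(ntpath.normpath(dest))
    # ntpath.join drops dest when entry_name is rooted or names another drive/UNC share
    target = ntpath.normpath(ntpath.join(dest, entry_name))
    target_cmp = ntpath.normcase(target)
    try:
        # Compare path components, not string prefixes: "out-sibling" must not pass as "out"
        inside = ntpath.commonpath([dest_cmp, target_cmp]) == dest_cmp
    except ValueError:  # different drives, or absolute mixed with relative
        inside = False
    # An entry that resolves to dest itself is not a file inside dest
    return target if inside and target_cmp != dest_cmp else None

def audit_listing(dest, entry_names):
    """Return the entry names that would be written outside dest."""
    return [n for n in entry_names if resolve_entry(dest, n) is None]

# Constructed sample: a user-chosen destination and entry names from an archive listing
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    r"docs\report.txt",             # stays inside
    "docs/../notes.txt",            # ".." that still resolves inside
    r"..\..\outside.txt",           # climbs out with backslashes
    "../outside.txt",               # climbs out with forward slashes
    r"..\out-sibling\file.txt",     # sibling directory sharing a string prefix
    r"\Windows\Temp\outside.txt",   # rooted path on the same drive
    r"D:\outside.txt",              # other drive
    r"\\server\share\outside.txt",  # UNC share
]

if __name__ == "__main__":
    for name in audit_listing(DEST, SAMPLE_ENTRIES):
        print("escapes destination:", name)
```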
         


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
