CVE-2014-9983

Name of the Vulnerable Software and Affected Versions RAR versions 4.x through 5.x

Description The issue allows remote attackers to write to arbitrary files by creating a crafted archive that includes symlinks. When an unpack operation is performed, it follows any symlinks contained in the archive, enabling the attack.

Recommendations For RAR versions 4.x through 5.x, consider avoiding the use of symlinks in archives until a patch is available. As a temporary workaround, restrict the unpack operation to prevent it from following symlinks.