**Name of the Vulnerable Software and Affected Versions:**

WinRAR versions prior to 7.12

**Description:**

This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinRAR. User interaction is required, as the target must open a malicious file. The flaw resides in the handling of file paths within archive files, allowing a crafted file path to cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. The Paper Werewolf group has exploited this vulnerability in targeted attacks against Russian organizations. Approximately 500 million users worldwide may be affected. The vulnerability allows manipulation of archive paths, potentially writing to protected system folders.

**Recommendations:**

Update WinRAR to version 7.12 or later.