WinRAR 7.13
WinRAR is an archiving utility that completely supports RAR and ZIP archives and is able to unpack CAB, ARJ, LZH, TAR, GZ, UUE, BZ2, JAR, ISO, 7Z, Z archives. It consistently makes smaller archives than the competition, saving disk space and transmission costs. WinRAR offers you the benefit of industry strength archive encryption using AES (Advanced Encryption Standard) with a key of 128 bits. It supports files and archives up to 8,589 billion gigabytes in size. It also offers the ability to create self extracting and multi volume archives. With recovery record and recovery volumes, you can reconstruct even physically damaged archives.
WinRAR 7.13 changelog:
- Another directory traversal vulnerability, differing from that in WinRAR 7.12, has been fixed. When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path. Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected. We are thankful to Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET for letting us know about this security issue.
Bugs fixed
- WinRAR 7.12 "Import settings from file" command failed to restore settings, saved by WinRAR versions preceding 7.12;
- WinRAR 7.12 set a larger than specified recovery size for compression profiles, created by WinRAR 5.21 and older.