Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
From 神龙GPT (AIGC)
在WinRAR 3.42及更早版本中,目录遍历漏洞允许远程攻击者通过 ZIP 文件名中的...(三 dots)创建任意文件。