Winrar malware issues?

[Guest]

I read the news about winrar version 7.12 have a malware vulnerability right? The solution is update to 7.13, and I already do that.

 

The question is, how about the archive files that already made bu 7.12 version? Am I need to recreate (re-archive) the files with winrar 7.13?

[whispous]

Is there a reason you need to use WinRar rather than 7zip?

[Guest]

6 minutes ago, whispous said:

Is there a reason you need to use WinRar rather than 7zip?

dont want to debate about personal preference, just want to know the answer of my question thanks

[Skipple]

We are referring to CVE-2025-6218

31 minutes ago, Wfz234 said:

The question is, how about the archive files that already made bu 7.12 version? Am I need to recreate (re-archive) the files with winrar 7.13?

No. As far as I'm understanding, an attacker can create a .rar that exploits lack of data sanitization in WinRAR to perpetrate malicious activity. Upon extracting a malicious .rar, your computer can become infected. 

 

This does not mean .rar files you have created can be exploded. Rather malicious .rar files can exploit the vulnerability that exists in WinRAR 7.12 upon extraction. 7.13 has corrected this lack of sanitization and malicious .rar files can no longer take advantage. 

 

Low Level has great video if you are interested in the inner workings of the vulnerability:

 

[Skipple]

32 minutes ago, whispous said:

Is there a reason you need to use WinRar rather than 7zip?

[whispous]

19 minutes ago, Skipple said:

No, but it does mean everyone gets to see what's inside.

[OddOod]

TBH I just use the built in windows explorer unzipper....
Regardless, yes, there is a malware vulnerability in 7.12. But that vulnerability is in the unzipping procedure. If a bad actor wanted to exploit that they'd need to get you to unzip an infected zip file using 7.12. Unzipping the same file with 7.13 wouldn't hurt you at all unless the contents of the zip itself were malware