There is a gaping security hole that has yet to be patched on the popular file compression software, WinRAR. The vulnerability affects the latest version of the software.
The bug allows remote attackers to make a compressed self-extracting (SFX) archive file and execute code on a computer when it is opened through WinRAR. This is done through HTML code in the text display window when the file is created, as shown below:
There is currently no patch for this vulnerability so users of WinRAR 5.21 are are advised to exercise caution when opening SFX files from unknown sources and to download the patch as soon as it is made available through WinRAR.
[Via Malware Bytes]