A critical vulnerability (CVE-2024-36052) in WinRAR versions prior to 7.00 enables attackers to manipulate displayed file names using ANSI escape sequences, embedding control characters in ZIP archives; when extracted, user interactions can trigger hidden malicious scripts instead of benign files, urging users to update to version 7.00 to fix this screen output spoofing vulnerability, specific to Windows, distinct from CVE-2024-33899 which impacts WinRAR on Linux and UNIX; caution in opening archives from untrusted sources and enabling file extension visibility are recommended preventive measures against this deceptive attack
https://cybersecuritynews.com/winrar-flaw-deceive-users/