Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.