The vulnerability resides within Doom Launcher’s game loading logic. During the RAR decompression process, the application fails to adequately filter file paths. This allows relative path patterns, such as ../, to be passed directly to the file system. This issue stems from a lack of path validation when using the SevenZipSharp library, coupled with a missing secondary verification layer at the application level.
An attacker can exploit this to plant malicious files in sensitive locations, such as the user’s Startup folder. Upon the next system reboot, the planted file will execute, leading to full arbitrary code execution.
The vendor has addressed this vulnerability in version 3.8.2.0 by implementing validation for relative paths during the game loading process.
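The kind of relative-path validation described above can be sketched as follows. This is an added example, not Doom Launcher's actual patch or code from SevenZipSharp: the names `SafeExtract` and `ResolveEntryPath` are hypothetical, the entry names are constructed samples, and it assumes .NET 5 or later. The caller would run the check on every entry name before writing the extracted file.

```csharp
using System;
using System.IO;

static class SafeExtract
{
    // Returns the full destination path for an archive entry,
    // or throws if the entry would land outside destRoot.
    public static string ResolveEntryPath(string destRoot, string entryName)
    {
        if (string.IsNullOrWhiteSpace(entryName))
            throw new InvalidDataException("Empty archive entry name.");

        // Archive entries may use either separator regardless of the host OS.
        string normalized = entryName.Replace('\\', Path.DirectorySeparatorChar)
                                     .Replace('/', Path.DirectorySeparatorChar);

        // A rooted name would make Path.Combine discard destRoot entirely.
        if (Path.IsPathRooted(normalized))
            throw new InvalidDataException($"Rooted entry rejected: {entryName}");

        // Trailing separator stops "C:\wads-evil" from matching root "C:\wads".
        string root = Path.GetFullPath(destRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar))
            root += Path.DirectorySeparatorChar;

        // GetFullPath collapses "..", so the prefix test sees the real target.
        string full = Path.GetFullPath(Path.Combine(root, normalized));
        StringComparison cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;
        if (!full.StartsWith(root, cmp))
            throw new InvalidDataException($"Entry escapes extraction root: {entryName}");
        return full;
    }

    static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "wads");
        // Constructed sample entry names: one legitimate, three that must be denied on Windows.
        string[] entries = { "maps/e1m1.wad", "..\\..\\outside.txt", "a/../../b.txt", "C:\\outside.txt" };
        foreach (string e in entries)
        {
            try { Console.WriteLine($"OK   {e} -> {ResolveEntryPath(root, e)}"); }
            catch (InvalidDataException ex) { Console.WriteLine($"DENY {ex.Message}"); }
        }
    }
}
```

The check is done on the resolved path rather than by searching the entry name for `..`, so mixed separators and sequences such as `a/../../b.txt` are handled by the same comparison.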
