Critical bug in 7-Zip – make sure you’re up to date
To cut a long story short, Dave didn’t just figure out a vulnerability that was theoretically exploitable, he also created a proof-of-concept (PoC) exploit that showed how to create a RAR file that, when opened, would sneakily and unexpectedy launch the Calculator app. Generally speaking, if a PoC can pop up CALC.EXE without asking, it could be modified to run any other command, including malware, invisibly to the user.
Source: sophos.com