A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.
Why does drag-and-drop archive extraction from 7-Zip to Explorer use temp files?
7-Zip doesn’t know folder path of drop target. Only Windows Explorer knows exact drop target. And Windows Explorer needs files (drag >source) as decompressed files on disk. So 7-Zip extracts files from archive to temp folder and then 7-Zip notifies Windows Explorer about >paths of these temp files. Then Windows Explorer copies these files to drop target folder.
To avoid temp file usage, you can use Extract command of 7-Zip or drag-and-drop from 7-Zip to 7-Zip.
You can decompress directly to the destination with 7zip as well. You just need to use the “extract” button instead of doing a drag and drop.
This is the right answer! Since I never used drag and drop I wasn’t ever aware that this was an issue.
According to the FAQ: