This message was posted to full-disclosure http://lists.netsys.com/pipermail/full-disclosure/2004-October/027348.html after decoding it, it basically says there is a directory traversal hole in unarj. It is possible for an attacker to create a specially crafted arj archive, which when a user extracts with the x flag, it is possible for a file to be placed anywhere the user running arj has write permissions.
Created attachment 106504 [details] Demo exploit for this issue. You have to give unarj the 'x' option to see the result of this exploit. It will try to stick a file in /etc called foo.