WinRAR Security Flaw Could Allow Command Execution

Heads up, WinRAR users! It’s time to update your systems with the latest WinRAR version to avoid security risks. The developers have patched a severe security flaw in WinRAR that could allow remote code execution attacks.

Remote Code Execution Flaw Discovered In WinRAR

Researchers from Trend Micro Zero Day Initiative (ZDI) discovered a serious vulnerability affecting RARLAB’s WinRAR archiving tool.

WinRAR is a popular file archiving tool available as trialware that lets enterprise and personal users create .rar archives. Its support for many archive formats has won it a vast user base, which means a successful exploit of the tool could have a very broad impact.

According to ZDI’s latest advisory, a high-severity security flaw existed in WinRAR that could allow remote code execution attacks.

The vulnerability, CVE-2023-40477 (CVSS score 7.8), existed in the processing of recovery volumes due to a “lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer.” An adversary could exploit this flaw by tricking the target user into opening a maliciously crafted archive file or visiting a malicious URL. Once done, the attacker could execute arbitrary code in the context of the current process.
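The bug class the advisory describes, a length field taken from untrusted archive data driving a write past the end of a fixed buffer, shown here as an added illustration in C beside its hardened form. This is a constructed example, not WinRAR's code; the record layout and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical record layout (constructed for illustration, not the RAR
 * recovery-volume format): one length byte followed by that many payload
 * bytes. The parser copies the payload into a fixed 16-byte buffer. */
#define PAYLOAD_MAX 16

struct record {
    uint8_t payload[PAYLOAD_MAX];
    size_t len;
};

/* Vulnerable pattern: trusts the attacker-controlled length field and
 * copies past the end of payload[] whenever it exceeds PAYLOAD_MAX
 * (an out-of-bounds write, the class of bug the advisory describes). */
int parse_record_unchecked(const uint8_t *in, size_t in_len, struct record *out)
{
    if (in_len < 1) return -1;
    size_t declared = in[0];
    if (declared > in_len - 1) return -1;     /* input truncated */
    memcpy(out->payload, in + 1, declared);   /* no check against PAYLOAD_MAX */
    out->len = declared;
    return 0;
}

/* Hardened form: validate the declared length against both the destination
 * buffer and the remaining input before any write takes place. */
int parse_record_checked(const uint8_t *in, size_t in_len, struct record *out)
{
    if (in == NULL || out == NULL || in_len < 1) return -1;
    size_t declared = in[0];
    if (declared > PAYLOAD_MAX) return -2;    /* would overflow payload[] */
    if (declared > in_len - 1) return -1;     /* input truncated */
    memcpy(out->payload, in + 1, declared);
    out->len = declared;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a well-formed 4-byte record and one declaring 200 bytes. */
    const uint8_t good[] = {4, 'd', 'a', 't', 'a'};
    uint8_t bad[201]; memset(bad, 'A', sizeof bad); bad[0] = 200;
    struct record r;
    printf("good: %d\n", parse_record_checked(good, sizeof good, &r)); /* 0 */
    printf("bad:  %d\n", parse_record_checked(bad, sizeof bad, &r));   /* -2 */
    return 0;
}
```

The checked parser rejects the oversized record before touching memory; the unchecked one would only be stopped by the input being shorter than the declared length, which an attacker controls.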

Following this discovery, the developers patched the flaw with WinRAR version 6.23, sharing all the changes via an advisory. Besides the out-of-bounds write vulnerability that ZDI researchers highlighted, the advisory also mentioned fixing other bugs, including opening the wrong file after double-clicking an item in a specially crafted archive, and others.

Now that the patch has been released, users should download the latest WinRAR version from the official website to avoid potential threats. Users should also remain careful when interacting with attachments or URLs from unsolicited sources, and should equip their systems with a robust anti-malware program to help block such threats.
