New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

23-08-2023
Share
New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems.

Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.

“The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer,” the Zero Day Initiative (ZDI) said in an advisory.

A security researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. The issue has been addressed in WinRAR 6.23 released on August 2, 2023.

“A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code,” the maintainers of the software said.

The latest version also addresses a second issue wherein “WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive.” Group-IB researcher Andrey Polovinkin has been credited for reporting the problem.

 

Source: https://thehackernews.com/