A security vulnerability of significant severity has been revealed in the WinRAR utility, posing a potential risk for threat actors to execute remote code on Windows systems.
Logged under CVE-2023-40477 with a CVSS score of 7.8, this vulnerability stems from improper validation during the processing of recovery volumes.
How the New WinRAR vulnerbaility occurs?
“The problem arises due to inadequate validation of user-supplied data, potentially leading to memory access beyond the allocated buffer’s end,” noted the Zero Day Initiative (ZDI) in an advisory.
“An attacker can leverage this vulnerability to execute code in the context of the current process.”
To exploit this flaw successfully, user interaction is necessary. The target must be enticed into either accessing a malicious webpage or merely opening a compromised archive file.
The credit for discovering and reporting the flaw on June 8, 2023, goes to a security researcher known by the alias “goodbyeselene.” This concern has been resolved in the WinRAR 6.23 version, released on August 2, 2023.
The software maintainers have rectified a security matter related to out-of-bounds writing within the RAR4 recovery volumes processing code.
The most recent release also resolves a separate issue where “WinRAR might launch an incorrect file upon a user’s double-click of an item within a specifically crafted archive.” The recognition for reporting this problem goes to Group-IB researcher Andrey Polovinkin.
- Keep Software Updated: Ensure that you’re using the latest version of WinRAR, as software updates often include security patches that address known vulnerabilities.
- Regular Security Audits: Conduct periodic security audits of your systems to identify and address any potential vulnerabilities, including those related to WinRAR.
- User Training: Educate users about safe browsing habits and the risks associated with opening suspicious files or clicking on unknown links, as many vulnerabilities require user interaction to be exploited.
- Use Reliable Sources: Only download WinRAR or any software from official and trusted sources to reduce the risk of downloading compromised versions.
- Antivirus and Anti-Malware: Keep your antivirus and anti-malware software up to date. These tools can help detect and block attempts to exploit vulnerabilities.