A significant security vulnerability has been disclosed in the WinRAR utility that malicious actors could exploit to achieve remote code execution on Windows systems.
This vulnerability, identified as CVE-2023-40477 with a CVSS score of 7.8, arises from improper validation during the processing of recovery volumes. The Zero Day Initiative (ZDI) explained that the problem stems from inadequate validation of user-supplied data, leading to potential memory access beyond the boundaries of an allocated buffer. This vulnerability could be leveraged by an attacker to execute code within the current process.
Successful exploitation requires user interaction: the target must either be enticed into visiting a malicious webpage or simply open a rigged archive file.
A security researcher operating under the alias “goodbyeselene” is credited with discovering and reporting this vulnerability on June 8, 2023. The issue has since been addressed in WinRAR 6.23, which was released on August 2, 2023. The software maintainers stated, “A security issue involving out-of-bounds write has been resolved in the RAR4 recovery volumes processing code.”
The latest version of WinRAR also tackles another issue where “WinRAR could open the wrong file when a user double-clicked an item within a specially crafted archive.” This problem was reported by Group-IB researcher Andrey Polovinkin.
Users are strongly advised to update to the most recent version of WinRAR to mitigate potential security risks.