A high severity vulnerability has been found in RARLAB’s popular Windows file archiver WinRAR. Security researchers at the Zero Day Initiative who first identified this vulnerability in June have published a security advisory about this flaw now that an update has been issued by the vendor. This vulnerability has the possibility of allowing remote, unauthenticated attackers to execute code on a system after a malicious RAR file is opened by their target.
Tracked as CVE-2023-40477 this vulnerability has been given a high severity rating and a CVSS base score of 7.8. This vulnerability occurs when the software attempts to process recovery volumes. For an attacker to exploit this flaw, they must first convince the victim to access a malicious page or open a malicious file on the target device. This allows the attacker to perform this exploit remotely and without the need for authentication, however it does require utilising other methods such as social engineering in order to trick the victim into opening the malicious archive and trigger the attack. Incorrect validation of user-supplied data causes the software to access information past the end of the allocated buffer. This buffer overflow can then result in arbitrary code execution by the attacker on the affected system.
The newest release version of WinRAR patches this flaw, amongst other bug fixes. This is the final release of version 6.23, meaning the beta version is no longer available to download. Users should update to this most recent version in order to apply the vendor’s patch for this flaw and prevent exploitation of their systems. Also patched in this update is a fix for a bug that causes the wrong file to start after an item within a specially crafted archive is double clicked by a user. This flaw is also considered to be a high severity issue so should also be resolved by users as soon as possible.