Users of the archiving utility WinRAR are being advised to update their software as soon as possible following the discovery of a serious Remote Code Execution vulnerability.
Tracked as CVE-2023-40477, the security flaw was discovered back in June and it allows malicious code to run when opening a RAR archive. Two months on, the issue has been fixed, but users of the software will have to ensure that they have the latest update installed to guarantee protection.
The worrying flaw was discovered by a security researcher, goodbyeselene, from Zero Day Initiative. By simply opening a specially created archive, a victim can be tricked into running arbitrary code that could wreak untold damage.
The RCE vulnerability has a severity rating of 7.8, and is described as follows:
This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
With the release of WinRAR 6.23 final, RARLAB has addressed the bug. The company says in the release notes that it has fixed “a security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code”.
It adds: “We are thankful to goodbyeselene working with Trend Micro Zero Day Initiative for letting us know about this bug”.
This is not the only security issue addressed in WinRAR 6.3; there is also a fix for a bug that can cause WinRAR to start a wrong file after a user double clicked an item in a specially crafted archive.
Full details are available here.