A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.
The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened.
The vulnerability was discovered by researcher “goodbyeselene” of Zero Day Initiative, who reported the flaw to the vendor, RARLAB, on June 8th, 2023.
“The specific flaw exists within the processing of recovery volumes,” reads the security advisory released on ZDI’s site.
“The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer.”
As a target needs to trick a victim into opening an archive, the vulnerability’s severity rating drops down to 7.8, as per the CVSS.
However, from a practical perspective, deceiving users into performing the required action shouldn’t be overly challenging, and given the vast size of WinRAR’s user base, attackers have ample opportunities for successful exploitation.
Mitigating the risk
RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477. Therefore, WinRAR users are strongly advised to apply the available security update immediately.
Apart from the RAR4 recovery volumes processing code fix, version 6.23 addresses an issue with specially crafted archives leading to wrong file initiation, which is also considered a high-severity problem.
It should also be noted that Microsoft is now testing native support on Windows 11 for RAR, 7-Zip, and GZ files, so third-party software like WinRAR will no longer be required in this version unless its advanced features are needed.
Those continuing to use WinRAR must keep the software updated, as similar flaws in the past were abused by hackers to install malware.
Apart from that, being cautious with what RAR files you open and using an antivirus tool that can scan archives would be a good security measure.
Source: https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/