
WinRAR Vulnerability Allows Remote Code Execution – Source: heimdalsecurity.com

Source: heimdalsecurity.com – Author: Madalina Popovici

A vulnerability in WinRAR, the widely used file compression and archiving software for Windows, could allow remote attackers to execute arbitrary code on a user’s computer by exploiting a flaw in the processing of recovery volumes.

The vulnerability, identified as CVE-2023-40477 with a CVSS score of 7.8, was reported to RARLAB on June 8th, 2023, by security researcher “goodbyeselene” from the Zero Day Initiative, explains Security Affairs.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Zero Day Initiative Advisory (Source)

WinRAR 6.23

RARLAB has addressed the vulnerability by releasing version 6.23 of WinRAR.

Users are urged to update their software as soon as possible to protect against potential attacks exploiting this flaw.

In addition to fixing the vulnerability in the RAR4 recovery volumes processing code, version 6.23 of WinRAR also resolves a high-severity issue in which the wrong file could be launched when handling specially crafted archives.

Furthermore, Microsoft is currently testing native support for RAR, 7-Zip, and GZ files in Windows 11, eliminating the need for third-party software like WinRAR for basic file compression and extraction tasks, as per Bleeping Computer. However, users who require the advanced features of WinRAR may still find it beneficial.

It’s crucial for those who continue using WinRAR to keep their software up-to-date, as previous flaws in the software have been exploited by hackers to deliver malware.
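One way to check a Windows host against the fixed release, as an added example that is not from the original article or from RARLAB: the PowerShell below reads the standard uninstall registry keys and flags any WinRAR install older than 6.23. The function name `ConvertTo-WinRarVersion` and the status labels are hypothetical, and the script assumes a per-machine install registered under HKLM.

```powershell
# Added example (not from the article): audit the local host for WinRAR < 6.23.
$fixed = [version]'6.23'   # fixed release named in the article

# Standard per-machine uninstall locations (native and 32-bit registry views).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: pull the first major.minor pair out of a version string.
function ConvertTo-WinRarVersion {
    param([string]$Text)
    if ($Text -match '(\d+)\.(\d+)') {
        return [version]('{0}.{1}' -f $Matches[1], $Matches[2])
    }
    return $null
}

Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |
    ForEach-Object {
        # Prefer DisplayVersion; fall back to the version embedded in DisplayName.
        $v = ConvertTo-WinRarVersion $_.DisplayVersion
        if (-not $v) { $v = ConvertTo-WinRarVersion $_.DisplayName }

        $label = "$($_.DisplayName) $($_.DisplayVersion)"
        $status = if (-not $v) {
            'Unknown'        # no parsable version: inspect manually
        } elseif ($v -lt $fixed) {
            'BelowFixed'     # older than 6.23: update required
        } elseif ($label -match 'beta') {
            'Review'         # pre-release build: confirm it is the final 6.23 or later
        } else {
            'OK'
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Parsed   = $v
            Status   = $status
        }
    }
```

Portable copies of WinRAR that were never installed do not appear in these keys, so a file-system search for `WinRAR.exe` is a useful complement.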

Close Vulnerabilities with Automated Patching

If you’re in search of a patch management solution, Heimdal® Patch & Asset Management could be the ideal option for you. Here are three main benefits from our offering:

  • Unified Management: Heimdal’s Patch & Asset Management software allows you to manage patches for Windows, Linux, macOS, third-party, and even proprietary applications, all from a single platform.
  • Compliance Simplified: Easily achieve compliance with a range of standards, including GDPR, UK PSN, HIPAA, PCI-DSS, and NIST, thanks to automatically generated detailed reports.
  • Enhanced Security: Automatically conduct vulnerability and risk assessments, close vulnerabilities, mitigate exploits, and deploy updates both globally and locally, anytime, from anywhere in the world, enhancing your organization’s security posture.


Original Post URL: https://heimdalsecurity.com/blog/winrar-vulnerability-allows-remote-code-execution/

Category & Tags: Cybersecurity News – Cybersecurity News
