A serious vulnerability has been detected in WinRAR, the popular file compression program with more than 500 million users worldwide. The vulnerability, identified by reference number CVE-2023-40477, allows arbitrary code execution on the target user’s system.The high severity vulnerability was identified by a researcher from the Zero Day Initiative team nicknamed “goodbyeselene”. The expert immediately took action and forwarded a detailed report of the problem to RARLAB, which developed WinRAR.
How is it exploited?
According to a security bulletin posted on the ZDI website, user interaction is required for attackers to exploit this vulnerability. So hackers have to trick the victim into opening a malicious archive file.
The issue is caused by the user-supplied data not being properly validated. This can lead to memory access outside the allocated buffer. As a result, it becomes possible to run code in the system in the context of the current process.
How am I protected?
RARLAB fixed this vulnerability by releasing WinRAR version 6.23. WinRAR users are strongly recommended to update the program as soon as possible to avoid any attacks. You can download the new version from the website you can access by clicking here.
51550
