WinRAR Flaw Lets Hackers Run Programs When You Open RAR Archives

Cyber Security Threat Summary:
RARLAB recently fixed a high-severity vulnerability in WinRAR, a popular file archiver utility for Windows used by millions of users worldwide. Tracked as CVE-2023-40477, the flaw was discovered by security researcher “goodbyeselene” from Zero Day Initiative, who reported the bug to RARLAB on June 8th, 2023. According to the researcher, the flaw exists within the processing of recovery volumes and results from a lack of proper validation of user-supplied data, which leads to memory access past the end of an allocated buffer. In turn, this could enable threat actors to remotely execute arbitrary code on the targeted system using a specially crafted RAR file.

Security Officer Comments:
It is unclear if this flaw has been exploited in attacks in the wild. However, similar flaws in WinRAR have been leveraged in the past to install malware on targeted systems. Exploitation of CVE-2023-40477 does require user interaction: the attacker would need to convince a victim to open the RAR file. However, given the vast number of WinRAR users, this leaves ample opportunity for attackers.

Suggested Correction(s):
RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477. Therefore, WinRAR users are strongly advised to apply the available security update immediately. Apart from that, being cautious with what RAR files you open and using an antivirus tool that can scan archives would be a good security measure.
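
To find hosts that still need the update, the following added example (not part of the original summary and not RARLAB code) reports any WinRAR install older than 6.23. It assumes WinRAR registers itself under the standard Windows uninstall registry keys with a DisplayName starting with "WinRAR" and a numeric DisplayVersion; the function names are hypothetical.

```powershell
# Added example: flag WinRAR installs older than the fixed release (6.23).
# Assumption: WinRAR appears in the standard uninstall keys with a
# DisplayName beginning "WinRAR" and a DisplayVersion such as "6.22.0".

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-ComparableVersion {
    param([string]$Text)
    # Take the leading major.minor[.build] digits and ignore trailing text
    # such as "beta 1". "6.02" becomes 6.2.0, which still sorts before 6.23.0.
    if ($Text -match '(\d+)\.(\d+)(?:\.(\d+))?') {
        $build = 0
        if ($Matches[3]) { $build = [int]$Matches[3] }
        return [version]::new([int]$Matches[1], [int]$Matches[2], $build)
    }
    return $null
}

function Get-WinRarPatchStatus {
    $fixed = ConvertTo-ComparableVersion '6.23'
    foreach ($root in $UninstallRoots) {
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'WinRAR*' } |
            ForEach-Object {
                $installed = ConvertTo-ComparableVersion $_.DisplayVersion
                if (-not $installed)          { $status = 'UNKNOWN' }
                elseif ($installed -lt $fixed) { $status = 'VULNERABLE' }
                else                           { $status = 'OK' }

                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    Name     = $_.DisplayName
                    Version  = $_.DisplayVersion
                    Status   = $status
                }
            }
    }
}

Get-WinRarPatchStatus | Format-Table -AutoSize
```

An UNKNOWN status means the version string could not be parsed and the host should be checked by hand.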

Link(s):
https://www.bleepingcomputer.com/
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/