WinRAR flaw lets hackers run programs when you open RAR archives

2023-08-18 17:20

The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened.

RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477.

WinRAR users are strongly advised to apply the available security update immediately.

Apart from the RAR4 recovery volumes processing code fix, version 6.23 addresses an issue with specially crafted archives leading to wrong file initiation, which is also considered a high-severity problem.

Those continuing to use WinRAR must keep the software updated, as similar flaws in the past were abused by hackers to install malware.

Apart from that, being cautious with what RAR files you open and using an antivirus tool that can scan archives would be a good security measure.

News URL

https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/

#hacker #winrar #CVE-2023-40477

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-05-03	CVE-2023-40477	RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability.	0.0