New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC
A high-severity security flaw has been disclosed in the WinRAR utility that a threat actor could exploit to achieve remote code execution on Windows systems.
Tracked as CVE-2023-40477, the vulnerability has been described as a case of improper validation while processing recovery volumes.
"An attacker can leverage this vulnerability to execute code in the context of the current process."
The issue has been addressed in WinRAR 6.23 released on August 2, 2023.
"A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code," the maintainers of the software said.
The latest version also addresses a second issue wherein "WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive." Group-IB researcher Andrey Polovinkin has been credited for reporting the problem.
News URL
https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-03 | CVE-2023-40477 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. | 0.0 |