New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

2023-08-21 13:44

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems.

Tracked as CVE-2023-40477, the vulnerability has been described as a case of improper validation while processing recovery volumes.

"An attacker can leverage this vulnerability to execute code in the context of the current process."

The issue has been addressed in WinRAR 6.23 released on August 2, 2023.

"A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code," the maintainers of the software said.

The latest version also addresses a second issue wherein "WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive." Group-IB researcher Andrey Polovinkin has been credited for reporting the problem.

News URL

https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html

#hacker #vulnerability #winrar #CVE-2023-40477

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-05-03	CVE-2023-40477	RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability.	0.0

News URL

Related news

Related Vulnerability