
WARNING: Remote Code Execution Vulnerability in WinRAR

Reference: Advisory #2023-101
Version: 1.0
Affected software: RARLAB WinRAR versions prior to 6.23
Type: Remote code execution
CVE/CVSS: CVE-2023-40477
CVSS score: 7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Sources

https://www.zerodayinitiative.com/advisories/ZDI-23-1152/

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa


Risks

By successfully exploiting CVE-2023-40477, a remote attacker could execute arbitrary code on affected installations. Successful exploitation requires user interaction, for instance the victim visiting a malicious website or opening a malicious file.


Description

RARLAB WinRAR is a popular utility used to compress, encrypt and archive data on Windows systems. The tool has been abused in the past by threat actors to deploy ransomware.

CVE-2023-40477 is a flaw in the processing of recovery volumes in WinRAR. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.


Recommended Actions

RARLAB recommends upgrading WinRAR to version 6.23.
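To find installations still below the fixed version on a Windows host, the following PowerShell inventory check is an added example (not code from the advisory or from RARLAB). It assumes WinRAR registers itself under the standard Uninstall registry keys with a DisplayName containing "WinRAR" and a numeric DisplayVersion; the function name Get-WinRarInstalls is ours.

```powershell
# Added example: flag WinRAR installs older than 6.23 (the fixed version for CVE-2023-40477).
# Assumption: WinRAR appears under the usual Uninstall keys (64-bit and WOW6432Node)
# with a DisplayName containing "WinRAR" and a DisplayVersion such as "6.22.0".
$FixedVersion = [version]'6.23'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WinRarInstalls {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*WinRAR*' } |
        ForEach-Object {
            # DisplayVersion may be absent or carry trailing text; keep only the numeric prefix.
            $raw = [string]$_.DisplayVersion
            $parsed = $null
            if ($raw -match '^\d+(\.\d+)+') { $parsed = [version]$Matches[0] }
            [pscustomobject]@{
                DisplayName    = $_.DisplayName
                DisplayVersion = $raw
                Version        = $parsed
                # An unparsable version is treated as vulnerable so it is not silently ignored.
                Vulnerable     = ($null -eq $parsed) -or ($parsed -lt $FixedVersion)
            }
        }
}

$installs = Get-WinRarInstalls
if (-not $installs) {
    Write-Output 'WinRAR not found in the Uninstall registry keys.'
} else {
    $installs | Format-Table DisplayName, DisplayVersion, Vulnerable -AutoSize
    if ($installs.Vulnerable -contains $true) {
        Write-Warning "At least one WinRAR install is older than $FixedVersion (CVE-2023-40477); upgrade it."
        exit 1
    }
}
```

Portable or per-user copies of WinRAR that never wrote an Uninstall entry are not seen by this check; pair it with a file search for WinRAR.exe if those are common in your environment.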