WARNING: Remote Code Execution Vulnerability in WinRAR
CVE-2023-40477
CVSS score : 7.8
CVSS:3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Sources
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
Risks
By successfully exploiting CVE-2023-40477, a remote attacker could execute arbitrary code on affected installations. To be successful, this exploit requires user interaction, for instance in the form of the victim visiting a malicious website or opening a malicious file.
Description
RARLAB WinRAR is a popular utility used to compress, encrypt and archive data in Windows systems. The tool has been abused in the past by actors to deploy ransomware.
CVE-2023-40477 is a flaw in the processing of recovery volumes in WinRAR. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Recommended Actions
RARLAB recommends upgrading WinRAR to version 6.23