CVE-2023-40477: WinRAR Code Execution Vulnerability

WinRAR is a popular file archiver program that is used by millions of people around the world. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. To enable the user to test the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports creating encrypted, multi-part, and self-extracting archives.

Recently, a new security vulnerability has been found in WinRAR, labeled CVE-2023-40477, carrying a CVSS score of 7.8. This flaw opens the door for remote attackers to execute arbitrary code on systems where WinRAR is installed. The very idea is that a malicious actor could gain control over a computer by merely convincing the user to open an infected file.

The root of the issue stems from the lack of rigorous validation of data supplied by users. This lax validation can lead to a scenario where memory access extends past the buffer that’s been allocated for it, creating a potential playground for cyber attackers. By exploiting this flaw, a malicious entity can execute code, all within the context of the ongoing process.

WinRAR, true to its reputation, has acted swiftly to address this concerning flaw. In its latest iteration, WinRAR 6.23, the CVE-2023-40477 vulnerability has been effectively patched. Users are strongly advised to update to this version to ensure they’re shielded from potential exploits that might leverage this vulnerability.

In addition to updating WinRAR, users can also take steps to protect themselves from this vulnerability by:

• Being careful about what files they open and run.
• Using a firewall to block malicious traffic.
• Keeping their operating system and other software up to date.
• Using a good antivirus program.

Update:

Winrar 6.23 also fixed another remote code execution vulnerability. This flaw tracked as CVE-2023-38831, is exploited by hackers in the wild.