WinRAR vulnerabilities potentially put millions of users at risk

WinRAR archive vulnerabilities potentially put millions of users and third parties at risk. Updating is highly recommended.

WinRAR is a program for Windows that allows you to compress and archive files. Recently, researchers discovered a security vulnerability that could put millions of users at risk.

The facts

The vulnerability has a CVSS score of 7.8 and is tracked as CVE-2023-40477. It was discovered on June 8 by a security researcher working with the Zero Day Initiative, part of Trend Micro. It was publicly disclosed on August 17.

The researchers notified WinRAR, and the company released a patch on August 2 in version 6.23 of the program. This update also fixes some minor bugs.

There is an alternative for Windows 11 users. For a few months now, this system has supported RAR files as standard, which means that you no longer have to install WinRAR to open these files.

CVE-2023-40477 allows (malicious) code to run when someone opens a RAR file. Because user-supplied data is not properly validated when an archive file is opened, an attacker can access memory beyond the allocated buffer.

The vulnerability therefore allows an attacker to craft a RAR file that executes code.

WinRAR is shareware, so it’s free to download, and you can use it for more than a month before you have to start paying. As a result, the software has hundreds of millions of users, but it is also popular with people with bad intentions. This is not the first time that a security vulnerability has appeared in WinRAR. The advice that applied then applies now as well: updating is the message.
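To check whether a Windows machine still runs a release older than the patched version 6.23, the following PowerShell sketch reads the registered uninstall entries and compares their versions. It is an added example, not code from the article or from WinRAR; it assumes the installer registered an entry whose DisplayName starts with "WinRAR" and whose DisplayVersion is a dotted number, and the function name `Get-WinRarStatus` is hypothetical.

```powershell
# Added example: flag WinRAR installations older than the patched 6.23 release.
# Assumption: the installer registered an uninstall entry whose DisplayName
# starts with "WinRAR" and whose DisplayVersion looks like "6.23.0".
$patched = [version]'6.23'

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WinRarStatus {
    param([string]$DisplayName, [string]$DisplayVersion)

    # Keep only the leading dotted number, so trailing text does not break parsing.
    $parsed = $null
    if ($DisplayVersion -match '^\d+(\.\d+){1,3}') {
        $parsed = [version]$Matches[0]
    }

    # Compare as System.Version, not as strings, so 6.3 sorts below 6.23.
    if ($null -eq $parsed) { $status = 'UNKNOWN' }
    elseif ($parsed -lt $patched) { $status = 'VULNERABLE' }
    else { $status = 'PATCHED' }

    [pscustomobject]@{
        Name    = $DisplayName
        Version = $DisplayVersion
        Status  = $status
    }
}

# Constructed sample entries (not real inventory data) to show the comparison.
'6.22.0', '6.23.0', '7.00.0' |
    ForEach-Object { Get-WinRarStatus "WinRAR $_ (sample)" $_ } |
    Format-Table -AutoSize

# Real check against this machine's registry.
$found = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |
    ForEach-Object { Get-WinRarStatus $_.DisplayName $_.DisplayVersion }

if ($found) { $found | Format-Table -AutoSize } else {
    'No registered WinRAR installation found.'
}
```

Portable copies of WinRAR that were never installed do not appear in these registry keys and have to be located separately.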


Winton Frazier