A significant security vulnerability identified by researchers at RARLAB has been successfully patched in WinRAR, a widely used file archiver utility for Windows. This vulnerability, identified as CVE-2023-40477, had the potential to allow remote attackers to execute arbitrary code on a targeted system by exploiting a flaw in the processing of recovery volumes. The flaw was reported by the researcher "goodbyeselene" of Zero Day Initiative on June 8th, 2023, and it was acknowledged by the vendor, RARLAB. The vulnerability stemmed from inadequate validation of user-provided data, leading to potential memory access beyond the boundaries of allocated buffers.

While the severity rating of this vulnerability is 7.8 according to the CVSS, it's worth noting that attackers would need to manipulate users into opening a specially crafted RAR file to exploit it. Although this requirement somewhat reduces the risk, the substantial user base of WinRAR presents ample opportunities for potential exploitation.

To address this issue, RARLAB released WinRAR version 6.23 on August 2nd, 2023. This update not only resolves CVE-2023-40477 related to RAR4 recovery volumes but also addresses another high-severity concern involving improperly initiated files within specially crafted archives. Users of WinRAR are strongly advised to promptly apply this security update to safeguard their systems.

Furthermore, it's important to highlight that Microsoft is currently testing native support for RAR, 7-Zip, and GZ files in Windows 11. This development means that third-party software like WinRAR might not be necessary for handling these file formats, except for cases where advanced features are required. For those who continue to use WinRAR, it's crucial to maintain updated software versions. This is especially relevant considering that previous vulnerabilities in WinRAR have been exploited by malicious actors to install malware.