New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC


Aug 21, 2023 | THN | Vulnerability / Cyber Threat

A high-severity security flaw has been disclosed in the WinRAR utility that could potentially be exploited by a threat actor to achieve remote code execution on Windows systems.

Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.

“The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer,” the Zero Day Initiative (ZDI) said in an advisory.

“An attacker can leverage this vulnerability to execute code in the context of the current process.”

Successful exploitation of the flaw requires user interaction in that the target must be lured into visiting a malicious page or simply opening a booby-trapped archive file.

A security researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. The issue has been addressed in WinRAR 6.23 released on August 2, 2023.

“A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code,” the maintainers of the software said.

The latest version also addresses a second issue wherein “WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive.” Group-IB researcher Andrey Polovinkin has been credited for reporting the problem.

Users are recommended to update to the latest version to mitigate potential threats.
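To act on the update advice across a fleet, the following added example (not part of the original article and not WinRAR's own code) classifies WinRAR version strings from a software inventory against the fixed release 6.23. The host names and version strings are constructed, and flagging pre-release 6.23 builds for manual review is an assumption, since the article only names the 6.23 release as fixed.

```python
import re

FIXED = (6, 23)  # first fixed release named in the article (WinRAR 6.23)

# Constructed inventory rows: (host, version string as an asset tool might report it)
SAMPLE_INVENTORY = [
    ("ws-001", "6.23.0"),
    ("ws-002", "6.22.0"),
    ("ws-003", "6.3"),          # numerically older than 6.23, but sorts higher as a string
    ("ws-004", "6.23 beta 1"),  # pre-release: not confirmed fixed by the article
    ("ws-005", "7.01"),
    ("ws-006", "unknown"),
]

def parse_version(text):
    """Return ((major, minor), is_prerelease), or None if no version is found."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        return None
    prerelease = bool(re.search(r"alpha|beta|rc", text, re.IGNORECASE))
    return (int(m.group(1)), int(m.group(2))), prerelease

def classify(text):
    """Map a version string to 'vulnerable', 'review', 'patched' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"      # cannot prove it is patched, so surface it
    version, prerelease = parsed
    if version < FIXED:       # tuple comparison is numeric, not lexical
        return "vulnerable"
    if version == FIXED and prerelease:
        return "review"       # assumption: treat 6.23 pre-releases as unverified
    return "patched"

def audit(inventory):
    """Return {host: status} for every inventory row."""
    return {host: classify(version) for host, version in inventory}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```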
