
Secure the WinRAR Utility Against Remote Code Execution via CVE-2023-40477




The cybersecurity domain is once again beset by a serious security flaw, this time in the widely used WinRAR utility, that malicious actors could leverage to achieve remote code execution on Windows systems. The vulnerability is tracked as CVE-2023-40477 and carries a CVSS score of 7.8.


The vulnerability stems from inadequate validation during recovery volume processing. In simpler terms, the utility does not properly check data supplied by its users, which can result in a memory access beyond the bounds of an allocated buffer, according to a recent advisory from the Zero Day Initiative (ZDI).


Threat actors can use this flaw to execute code in the context of the current process. Notably, exploitation depends on user interaction: the victim must be manipulated into either visiting a malicious web page or opening a booby-trapped archive file.


Credit for discovering and reporting this vulnerability goes to a security expert operating under the pseudonym goodbyeselene. The flaw was reported to the concerned authorities on June 8, 2023, and has been fixed in WinRAR 6.23, which was released on August 2, 2023.


According to the software maintainers, an out-of-bounds write in the RAR4 recovery volume processing code has been fixed, which addresses this concern. The updated WinRAR version also fixes a second issue in which a specially crafted archive could trick WinRAR into launching an unintended file when a user interacted with it through a double-click.


The discovery and reporting of this second issue is credited to Andrey Polovinkin, a cybersecurity researcher from Group-IB. Users are strongly advised to update to the latest software version as soon as possible to protect themselves against such threats.
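
The upgrade advice above can be verified on a Windows host with a short inventory script. The PowerShell below is an added example, not code from this article or from the WinRAR maintainers; it assumes WinRAR registers under the standard Uninstall registry keys with a DisplayName beginning with "WinRAR" and sits at the default install path, and the function name `Test-WinRarPatched` is hypothetical.

```powershell
# Added example: flag WinRAR installs older than 6.23 (the fixed release named above).
$FixedVersion = [version]'6.23'

function Test-WinRarPatched {
    # Returns $true (>= 6.23), $false (older), or $null (version not parseable).
    param([string]$VersionString)
    # Keep only the leading numeric part, so suffixes such as " beta 1" are ignored.
    if ($VersionString -notmatch '^\s*(\d+(\.\d+){1,3})') { return $null }
    return ([version]$Matches[1] -ge $FixedVersion)
}

function Get-StatusLabel {
    param($Patched)
    if ($null -eq $Patched) { 'unknown' } elseif ($Patched) { 'patched' } else { 'VULNERABLE' }
}

# Assumption: machine-wide and per-user installs register under these keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = @()
$findings += Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |
    ForEach-Object {
        [pscustomobject]@{
            Source  = 'registry'
            Item    = $_.DisplayName
            Version = [string]$_.DisplayVersion
            Status  = Get-StatusLabel (Test-WinRarPatched ([string]$_.DisplayVersion))
        }
    }

# Assumption: default install path. A binary left on disk can be older than
# what the registry entry claims, so check the file version as well.
$exe = Join-Path $env:ProgramFiles 'WinRAR\WinRAR.exe'
if (Test-Path -LiteralPath $exe) {
    $fileVersion = [string](Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    $findings += [pscustomobject]@{
        Source  = 'file'
        Item    = $exe
        Version = $fileVersion
        Status  = Get-StatusLabel (Test-WinRarPatched $fileVersion)
    }
}

$findings | Format-Table -AutoSize
if ($findings.Status -contains 'VULNERABLE') { Write-Warning 'WinRAR older than 6.23 found; update it.' }
```

An empty result means no WinRAR install was found in the locations checked; copies unpacked elsewhere on disk are not covered.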


As the digital world evolves, it's paramount to stay conversant with the latest cybersecurity threats and trends. Therefore, subscribing to consistent updates in the cybersecurity domain is now more essential than ever before. Equip yourself with a secure future by immersing in a continuous flow of compelling cybersecurity news, insights, and practical tips.


Darksteel Technologies is an Orlando-based business that can handle all aspects of your IT security. We provide compliance, training, malware protection, cloud security, DevSecOps, vulnerability management, penetration testing, architecture design and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.