[ad_1]
A high-severity safety flaw has been disclosed within the WinRAR utility that may very well be probably exploited by a menace actor to realize distant code execution on Home windows techniques.
Tracked as CVE-2023-40477 (CVSS rating: 7.8), the vulnerability has been described as a case of improper validation whereas processing restoration volumes.
“The problem outcomes from the dearth of correct validation of user-supplied information, which can lead to a reminiscence entry previous the top of an allotted buffer,” the Zero Day Initiative (ZDI) mentioned in an advisory.
“An attacker can leverage this vulnerability to execute code within the context of the present course of.”
Profitable exploitation of the flaw requires person interplay in that the goal should be lured into visiting a malicious web page or by merely opening a booby-trapped archive file.
A safety researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. The problem has been addressed in WinRAR 6.23 launched on August 2, 2023.
“A safety problem involving out of bounds write is fastened in RAR4 restoration volumes processing code,” the maintainers of the software program mentioned.
The most recent model additionally addresses a second problem whereby “WinRAR may begin a fallacious file after a person double clicked an merchandise in a specifically crafted archive.” Group-IB researcher Andrey Polovinkin has been credited for reporting the issue.
Customers are beneficial to replace to the newest model to mitigate potential threats.
[ad_2]