An arbitrary code execution vulnerability was discovered in WinRAR, which can be exploited by opening a specially crafted RAR file. The CVE for this vulnerability is given as CVE-2023-40477, and the severity is 7.8 (High) as per Zero Day Initiative.
This vulnerability was reported to WinRAR by security researcher “goodbyeselene”. It is an archive manager for the Windows Platform, used by millions of users worldwide.
WinRAR can zip and unzip archive files with formats AR, ZIP, CAB, ARJ, LZH, TAR, GZip, UUE, ISO, BZIP2, Z, and 7-Zip.
CVE-2023-40477 – Remote Code Execution Vulnerability
This vulnerability exists due to improper validation of user-supplied input, which can result in accessing memory passing the end of the allocated buffer.
An attacker can exploit this vulnerability by creating a specially crafted file that could leverage the current process to execute arbitrary codes on the system.
As per reports from ZDI, this vulnerability requires user interaction for exploitation. The user must either visit a malicious page or open a malicious file which could result in this specific flaw in processing recovery volumes.
In response to this vulnerability, WinRAR released a patch in their new version 6.23 along with a security advisory about the new features and security patches. “a security issue involving out-of-bounds write is fixed in RAR4 recovery volumes processing code,” reads the security advisory by WinRAR.
In addition to this, new features and another vulnerability that was discovered by Group-IB, which was mentioned as “a wrong file after a user double-clicked an item in a specially crafted archive,” was also fixed by WinRAR.
Though WinRAR has existed for decades, Microsoft has been working on its own archive manager for opening .7z, ZIP, and RAR files without using third-party software like WinRAR.
Users of WinRAR are advised to upgrade to the latest version to prevent this vulnerability from getting exploited.