A popular windows file archive and compression tool has a high severity zero day vulnerability that could allow hackers to gain control of your computer. The flaw is tracked as CVE-2023-40477 and it affects the WinRAR utility. WinRAR is a popular file archiver for windows. It is used by millions to backup and compress data. A researcher from the Zero Day Initiative discovered that WinRAR did not do sufficient input validation and that can allow an attacker to access data outside the bounds of an allocated memory buffer. A specially crafted RAR file when opened, it could give remote attackers the ability to conduct remote code execution on the target system. Even though this is a zero day vulnerability, it was only given a CVSS score of 7.8 out of 10. This is because the attack requires user interaction where the attacker will need to trick the victim into opening the malicious RAR file. The vulnerability has been addressed in the latest version of WinRAR, version 6.23 which was released this month. It is recommended for all users of the utility to immediately upgrade and to be cautious and scan RAR files using an antivirus tool before opening.
https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
https://www.win-rar.com/singlenewsview.html
This segment was created for the It’s 5:05 podcast