11.5 C
New York
Tuesday, April 16, 2024

New WinRAR Vulnerability May Permit Hackers to Take Management of Your PC


Aug 21, 2023THNVulnerability / Cyber Menace

WinRAR Vulnerability

A high-severity safety flaw has been disclosed within the WinRAR utility that might be probably exploited by a risk actor to realize distant code execution on Home windows programs.

Tracked as CVE-2023-40477 (CVSS rating: 7.8), the vulnerability has been described as a case of improper validation whereas processing restoration volumes.

“The problem outcomes from the dearth of correct validation of user-supplied knowledge, which can lead to a reminiscence entry previous the tip of an allotted buffer,” the Zero Day Initiative (ZDI) mentioned in an advisory.

Cybersecurity

“An attacker can leverage this vulnerability to execute code within the context of the present course of.”

Profitable exploitation of the flaw requires person interplay in that the goal have to be lured into visiting a malicious web page or by merely opening a booby-trapped archive file.

A safety researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. The problem has been addressed in WinRAR 6.23 launched on August 2, 2023.

“A safety difficulty involving out of bounds write is mounted in RAR4 restoration volumes processing code,” the maintainers of the software program mentioned.

The newest model additionally addresses a second difficulty whereby “WinRAR may begin a unsuitable file after a person double clicked an merchandise in a specifically crafted archive.” Group-IB researcher Andrey Polovinkin has been credited for reporting the issue.

Customers are beneficial to replace to the most recent model to mitigate potential threats.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.



Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles