Aug 27, 2023

CVE-2023-40477

WinRAR Vulnerable To Remote Code Execution

DESCRIPTION

RARLAB, the developer of WinRAR, has released a new version, WinRAR 6.23, that addresses this vulnerability, which is tracked as CVE-2023-40477. The vulnerability stems from insufficient validation of user-supplied data when opening archive files, which can result in memory access beyond the bounds of the allocated buffer.

Essentially, an attacker can exploit this vulnerability by crafting a RAR file that, when opened, triggers code execution in the context of the active process. Because of its potentially serious impact, the vulnerability is rated high severity, with a Common Vulnerability Scoring System (CVSS) score of 7.8.

The vulnerability was first discovered by a security researcher known as "goodbyeselene," who collaborated with Trend Micro's Zero Day Initiative (ZDI) on June 8. They reported their findings to the developers, and ZDI publicly disclosed the vulnerability on August 17. By then, the developer had already released a fixed version of the application, WinRAR 6.23, on August 2.

AFFECTED SYSTEMS

All versions prior to 6.23 are affected. The vulnerability has been addressed in WinRAR 6.23, so if you are using a version earlier than WinRAR 6.23, it is highly recommended to update to version 6.23 or newer to avoid the risks associated with this vulnerability.

VULNERABILITY IMPACT

The impact of the vulnerability described above can be extremely serious. It allows attackers to execute malicious code on the user's system when the user opens an infected RAR file. In other words, attackers can take control of the affected system and perform various harmful actions, including:

• Malware Code Execution: Attackers can execute malicious code such as viruses, worms, or trojans within the user's system. This can result in data theft, file damage or deletion, or even complete system takeover.

• Information Theft: Attackers can use this vulnerability to steal sensitive information from the user's system, such as passwords, personal data, financial information, and more.

• Denial of Service (DoS): Attackers can use this vulnerability to disrupt or halt services on the user's system in a detrimental manner, such as stopping applications or even rendering the system unresponsive.

• Privilege Escalation: If attackers successfully execute code within the system, they may be able to escalate their access privileges from lower levels to higher levels, giving them more control over the system.

Because this vulnerability has the potential for significant impact, it is crucial for WinRAR users to promptly update their software to the patched version (WinRAR 6.23) or a newer version released by the developer. Ensuring software remains updated is a critical step in maintaining the security of user systems and data.

RECOMMENDATIONS

RARLAB Has Released a Security Update: RARLAB, the developer of WinRAR, has released a security update to address the CVE-2023-40477 vulnerability. This is an important step, as the update fixes the issue that makes these attacks possible.

Users Must Manually Update to Version 6.23: Unfortunately, WinRAR does not have an automatic update option. This means users must manually download and install the latest version, WinRAR 6.23, to replace the earlier, vulnerable version.
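
Because the update is manual, it helps to confirm which hosts still run a version prior to 6.23. The PowerShell check below is an added example, not code from RARLAB or from this advisory. It assumes WinRAR registers an entry under the standard Windows Uninstall registry keys with a DisplayName beginning with "WinRAR"; the function names are hypothetical.

```powershell
# Added example: report WinRAR installs older than the fixed release (6.23).
# Assumption: WinRAR's Uninstall entry has a DisplayName starting with "WinRAR"
# and a DisplayVersion that begins with a dotted version number.
$FixedVersion = [version]'6.23'

# Standard Windows Uninstall hives: 64-bit, 32-bit on 64-bit, and per-user installs.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-WinRarVersion {
    param([string]$Text)
    # Keep only the leading dotted-number part (for example "6.22.0").
    if ($Text -match '^\s*(\d+(\.\d+){1,3})') { return [version]$Matches[1] }
    return $null   # unparseable: reported as Unknown instead of guessing
}

function Get-WinRarPatchStatus {
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            $v = ConvertTo-WinRarVersion $_.DisplayVersion
            $status = if ($null -eq $v) { 'Unknown' } elseif ($v -lt $FixedVersion) { 'Vulnerable' } else { 'Patched' }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
                Key      = $_.PSPath
            }
        }
}

# One row per registered install; an empty result means no matching entry was found.
Get-WinRarPatchStatus | Format-Table -AutoSize
```

Hosts reported as Vulnerable or Unknown need the manual update described above; a copy of WinRAR that was unpacked without running the installer will not appear in this output.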