Researchers are encouraging organizations to update their installations of the WinRAR utility as soon as possible after the disclosure of a serious vulnerability that could allow an attacker to achieve remote code execution.
The flaw is an out-of-bounds write in versions of WinRAR prior to 6.23. Although it can lead to remote code execution, it requires user interaction (the target must open an attacker-supplied file or visit an attacker-controlled page), which mitigates the risk somewhat.
“This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” the security advisory for the vulnerability (CVE-2023-40477) says.
“The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.”
WinRAR is a massively popular compression and extraction utility that has been in use for more than two decades. It’s likely present in the vast majority of large enterprises and SMBs, so an RCE vulnerability in WinRAR would make for an attractive target for many attackers.
The researcher who discovered the vulnerability reported it through the Zero Day Initiative, which disclosed it to the vendor, RARLAB, on June 8. The vendor released an updated version to address the vulnerability on August 2, but the details of the bug only became public in the last few days.
The version that contains the fix for this vulnerability is WinRAR 6.23, released on August 2. Note that WinRAR does not update itself automatically: the new version must be downloaded and installed manually, or pushed out through whatever software-deployment mechanism an organization uses, so older copies will remain on endpoints until someone replaces them.
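The practical follow-up on a Windows fleet is to find every installed copy of WinRAR and compare its version with 6.23. The PowerShell script below is an added example, not code from the article or from RARLAB. It assumes the official installer's Add/Remove Programs registry entries and the default install directories under Program Files, and it also reads the version resource of WinRAR.exe directly so that portable or unregistered copies in those directories are caught as well.

```powershell
# Added example (not from the article or RARLAB): enumerate WinRAR installs on
# the local host and flag anything older than the fixed release, 6.23.
# Assumptions: Windows host, rights to read HKLM and Program Files, and WinRAR
# registered under the standard Uninstall keys (true for the official installer;
# portable copies are only caught by the file-system scan in step 2).

$FixedVersion = [version]'6.23'

function Get-WinRarInstall {
    $hits = @()

    # 1. Registry: Add/Remove Programs entries (64-bit and 32-bit views).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($entry in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
        if ($entry.DisplayName -like 'WinRAR*') {
            # DisplayVersion is normally present; fall back to the number embedded
            # in DisplayName (e.g. "WinRAR 6.22 (64-bit)") if it is missing.
            $raw = $entry.DisplayVersion
            if (-not $raw -and $entry.DisplayName -match '(\d+\.\d+)') { $raw = $Matches[1] }
            $hits += [pscustomobject]@{
                Source   = 'Registry'
                Location = $entry.InstallLocation
                Version  = $raw
            }
        }
    }

    # 2. File system: read the PE version resource of WinRAR.exe in the default
    # install directories (assumed paths), catching copies the registry misses.
    $candidates = @(
        "$env:ProgramFiles\WinRAR\WinRAR.exe",
        "${env:ProgramFiles(x86)}\WinRAR\WinRAR.exe"
    )
    foreach ($exe in $candidates) {
        if (Test-Path $exe) {
            $hits += [pscustomobject]@{
                Source   = 'File'
                Location = $exe
                Version  = (Get-Item $exe).VersionInfo.ProductVersion
            }
        }
    }
    return $hits
}

function Test-WinRarVulnerable {
    param([string]$VersionString)
    # Normalise "6.23", "6.23.0" or "6.23.0.0" to a comparable major.minor [version].
    # An unparseable version is treated as vulnerable so it is never silently ignored.
    if ($VersionString -notmatch '^(\d+)\.(\d+)') { return $true }
    $v = [version]('{0}.{1}' -f $Matches[1], $Matches[2])
    return $v -lt $FixedVersion
}

$installs = Get-WinRarInstall
if (-not $installs) {
    Write-Output "No WinRAR installation found on $env:COMPUTERNAME."
} else {
    foreach ($i in $installs) {
        $status = if (Test-WinRarVulnerable $i.Version) { 'UPDATE REQUIRED (< 6.23)' } else { 'OK' }
        Write-Output ('{0,-8} {1,-12} {2,-45} {3}' -f $i.Source, $i.Version, $i.Location, $status)
    }
}
```

Run it locally with an elevated prompt, or wrap it in `Invoke-Command -ComputerName ...` to sweep a list of hosts. Because WinRAR is often installed per-user or carried as a portable executable outside Program Files, treat a clean result from this script as "no default install found" rather than proof of absence; a software-inventory query for any `WinRAR.exe` on disk is the stronger check.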