High-severity WinRAR vulnerability addressed

RARLAB has issued fixes for a high-severity security flaw in the Windows file archiver utility WinRAR that could be leveraged to facilitate arbitrary code execution, reports BleepingComputer. Identified and reported by Zero Day Initiative researcher "goodbyeselene" in early June, the vulnerability, tracked as CVE-2023-40477, was found in the processing of recovery volumes, according to a security advisory on the ZDI site. "The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer," said the advisory. Users have been urged to immediately apply the fix, delivered in WinRAR version 6.23, which also addresses another high-severity issue, a wrong file initiation vulnerability stemming from a specially crafted archive. Users were also advised to be more vigilant of downloaded RAR files and to leverage antivirus systems to ensure the safety of archives from potential cyberattacks.
