Critical WinRAR Vulnerability: Malicious Code Execution Possible When Opening Files.

The popular application WinRAR, has been discovered to posses a vulnerability, that could possibly allow malicious code to run when files are opened.

It is a known fact that the popular WinRAR app, is widely used for file compression and extraction with over 500-million users or more globally.

Critical-WinRAR-Vulnerability-01.png

Although it offers a buy option, and a notification of 40-day trial upon installation (which doesn’t really trigger any shortcoming, except the pop ups when trying to extract a file) after the 40-day trial has exceeded.

 There are no doubts, that this would be a target for malicious hackers who intend to carryout their attacks for personal gains or other motivations, giving the numbers of users of this app.

Attackers could take a quick action to exploit this vulnerability, as users of the app rarely update them, making it a high chance for targeted users to be susceptible to malicious codes.

The security weakness which was assigned a CVE record number: CVE-2023-40477 by cve.mitre.org, is associated with invalidation of user-supplied data when an archive file is being accessed or opened. This will result into a memory access that exceeds the end of an allocated buffer.

Information about the Vulnerability and Severity of the Flaw:

The said vulnerability gives the attacker leverage in crafting a RAR-file, taking advantage of the weakness, and use it to execute malicious codes in the context of the process. According to the CVSS scoring system, the severity score is rated 7.8 (High).

A researcher that goes by the identity “goodbyeselene”, an employee of Trend Micro’s Zero Day Initiative (ZDI), reported this vulnerability to the software vendor on June 08, 2023. However, the vulnerability was only publicly disclosed by ZDI, on August 17th, 2023, within the time frame of public disclosure, the vendor has already issued a security update two-weeks earlier (August 2nd , 2023).

MITIGATION & REMEDIATION:

The software vendor RARLAB, has mitigated this issue, by issuing a new version WinRAR 6.23, which contains fixes for the vulnerability discovered, and other security weaknesses such as; starting a wrong file upon file double-clicking by a user in a well-crafted archive. Also, the update is said to fix the immediate deletion of temporary files created when extracting or testing multiple archives.

Fixitgearware Security is urging users of this file-compression and extraction application, to update to the newest version (WinRAR 6.23) compactible with their device (i.e., MacOS, windows x86 & x64, Linux, Android, FreeBSD), as they might be one-step closer to the mercy of malicious code exploit, if contained within files that they are extracting.

 

 

 

Put your comments below in the comment section on your thoughts about this.

Find this article and information helpful? Show some love and support  “Click-Here”
5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments