Description:

RARLAB has released a security update to fix a vulnerability in WinRAR. A remote attacker could entice the target user into visiting a malicious page or opening a specially crafted archive file to exploit the vulnerability.

Affected Systems:

• WinRAR prior to version 6.23

Please note that successful exploitation requires user interaction in that the target user must be lured into visiting a malicious page or opening a specially crafted archive file.

Impact:

Successful exploitation of the vulnerability could lead to remote code execution on an affected system.

Recommendation:

The software update for affected systems is now available. Since there is no auto-update option in WinRAR, users should take immediate action to manually update their WinRAR to versions 6.23 or later to mitigate the risk.

More Information:

• https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa
• https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40477