Security Alert (A23-08-14): Vulnerability in WinRAR


 

Published on: 23 August 2023

Description:

RARLAB has released a security update to fix a vulnerability in WinRAR. A remote attacker could entice the target user into visiting a malicious page or opening a specially crafted archive file to exploit the vulnerability.

 

Affected Systems:

  • WinRAR prior to version 6.23

Please note that successful exploitation requires user interaction in that the target user must be lured into visiting a malicious page or opening a specially crafted archive file.

 

Impact:

Successful exploitation of the vulnerability could lead to remote code execution on an affected system.

 

Recommendation:

The software update for affected systems is now available. Since there is no auto-update option in WinRAR, users should take immediate action to manually update their WinRAR to versions 6.23 or later to mitigate the risk.

 

More Information:

  • https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa
  • https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40477


Tag: RARLAB , WinRAR
Tags