The issue is due to the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. The vulnerability lies in how the software processes recovery volumes. The CVE patched in this update is CVE-2023-40477 (with a CVSS score of 7.8 out of 10). The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. Users should install the latest version (WinRAR 6.23 or later) at their earliest convenience. All the victim has to do is to open a specially crafted archive.Īfter receiving a report about the vulnerability in June, a new version of the software was published on August 2, 2023. RARLAB has issued an update to correct this vulnerability.A new version of the file archiving software WinRAR fixes two vulnerabilities that could allow an attacker to execute code on a target system. An attacker can leverage this vulnerability to execute code in the context of the current process. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. ![]() The specific flaw exists within the processing of recovery volumes. ![]() User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. August 17th, 2023 RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-23-1152ħ.8, (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |