![]() ![]() Information about the updated version and more details can be found in this article. ![]() The vulnerability was disclosed on August 17, 2023. The vulnerability was reported to the developer on June 8, 2023, and the vendor released WinRAR 6.23 on August 2, 2023. An attacker can exploit this vulnerability to execute code in the context of the current process. This can lead to memory access beyond the end of an allocated buffer. The vulnerability exists in the processing of recovery volumes and results from a lack of proper validation of user-supplied data. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file, the disclosure states. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. ![]() Vulnerability CVE-2023-40477 (RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability) has been assigned a CVSS score of 7.8 due to a code execution vulnerability. The problem was discovered by the Zero Day Initiative, which documented the vulnerability in this post from August 17, 2023. I became aware of this vulnerability via various media reports like here or here as well as via the following tweet. Now a vulnerability has been discovered in older versions of the program, which is to be classified as highly problematic. To allow the user to verify the integrity of archives, WinRAR embeds CRC32 or BLAKE2 checksums for each file in each archive. WinRAR supports the creation of encrypted, multi-part and self-extracting archives. The program can be used to create archives in RAR or ZIP file format, display them and unpack numerous archive file formats. WinRAR is a file archiving program that runs under Windows and is used by millions of users. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |