This article discusses a critical vulnerability in WinRAR that has been actively exploited, resulting in malware infections.
Product and affected versions: WinRAR, specifically versions prior to 6.23.
CVE
This vulnerability involves a critical flaw within the WinRAR archive utility. The Common Vulnerabilities and Exposures (CVE) identifier for this specific vulnerability is **CVE-2023-40477**.
Vulnerability
The vulnerability, identified as CVE-2023-40477, is a remote code execution (RCE) flaw. It stems from improper validation of specially crafted RAR files, which could lead to arbitrary code execution when a user attempts to open such a file.
How the attack works
Attackers exploit this vulnerability by crafting malicious RAR archives. When a user opens one of these infected archives, the malicious code embedded within can be automatically executed without further user interaction, compromising the system. This can lead to the installation of malware, data theft, or complete system takeover. The attack often begins with a phishing email containing the malicious RAR file as an attachment.
Remediations
Users are strongly advised to update their WinRAR software to version 6.23 or later immediately. This updated version contains a patch that addresses the vulnerability. Additionally, users should exercise caution when opening attachments from unknown or suspicious senders and ensure their antivirus software is up to date.
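As an added example, not part of the original article, the following PowerShell inventory check reads the installed WinRAR version from the standard Windows Uninstall registry keys (or, as a fallback, the file version of WinRAR.exe under an assumed default Program Files path) and flags any install older than the patched 6.23 release:

```powershell
# Added example (not from the original article): report whether the WinRAR
# installed on this host predates the 6.23 release that fixes CVE-2023-40477.
# Assumptions: WinRAR registers under the standard Uninstall keys with a
# DisplayName starting "WinRAR", and/or lives at the default Program Files path.

$Patched = [version]'6.23'

function Get-WinRarVersions {
    $found = @()
    # Standard uninstall registry locations (64-bit and 32-bit views)
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($item in (Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue)) {
        if ($item.DisplayName -like 'WinRAR*' -and $item.DisplayVersion) {
            $found += [pscustomobject]@{
                Source  = 'registry'
                Version = [version]($item.DisplayVersion -replace '[^\d.]', '')
            }
        }
    }
    # Fallback: read the product version stamped on the executable (assumed default path)
    $exePaths = @("$env:ProgramFiles\WinRAR\WinRAR.exe", "${env:ProgramFiles(x86)}\WinRAR\WinRAR.exe")
    foreach ($exe in $exePaths) {
        if (Test-Path $exe) {
            $v = (Get-Item $exe).VersionInfo.ProductVersion
            $found += [pscustomobject]@{ Source = $exe; Version = [version]($v -replace '[^\d.]', '') }
        }
    }
    return $found
}

$installs = Get-WinRarVersions
if (-not $installs) { Write-Output 'WinRAR not found on this host.'; return }
foreach ($i in $installs) {
    $status = if ($i.Version -lt $Patched) { 'VULNERABLE - update to 6.23 or later' } else { 'patched' }
    Write-Output ('{0}: WinRAR {1} -> {2}' -f $i.Source, $i.Version, $status)
}
```

Run it with an account that can read HKLM, or push it through your endpoint management tool to inventory a fleet; any line marked VULNERABLE identifies a host still exposed to the flaw described above.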
Reference
Further technical details and official advisories regarding CVE-2023-40477 can be found on the WinRAR official website and various cybersecurity news outlets that covered the disclosure.