A vulnerability that enables arbitrary code execution just by opening a file with the long-established compression decompression software 'WinRAR' is discovered, and a modified version has already been distributed

It has been reported that a vulnerability ' CVE-2023-40477 ' has been discovered in WinRAR, a file compression/decompression software for Windows, that allows arbitrary code to be executed on a computer simply by opening a RAR file. Version 6.23 has already been released to fix this vulnerability and users are encouraged to update as soon as possible.

ZDI-23-1152 | Zero Day Initiative
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/

WinRAR Latest News: WinRAR 6.23 final release
https://www.win-rar.com/singlenewsview.html

WinRAR flaw lets hackers run programs when you open RAR archives
https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/

WinRAR is a shareware for Windows released in 1995. It is an archiver that can compress and decompress RAR and ZIP formats, as well as decompress LZH and 7-Zip formats.

The CVE-2023-40477 discovered this time was discovered by Mr. goodbyeselene, a member of the Zero Day Initiative, a security research organization for privately reporting zero-day vulnerabilities, on June 8, 2023 at a WinRAR vendor. Reported to a RARLAB.

According to the Zero Day Initiative, the bug causing CVE-2023-40477 exists in the handling of recovery volumes. It is caused by user-supplied data not being properly validated, allowing a ' buffer overflow ' to access memory past the end of the allocated buffer. An attacker can use this vulnerability to execute arbitrary code by tricking a user into accessing a malicious page or malicious file in WinRAR.

WinRAR vendor RARLAB has released version 6.23 on August 2, 2023, which fixes this CVE-2023-40477. In addition to fixing CVE-2023-40477, this version 6.23 also fixes a bug that caused WinRAR to run the wrong file when clicking on an item in a specially created compressed file.

This isn't the first time WinRAR has been found to have an arbitrary code execution vulnerability. A vulnerability has been discovered. At this time, the causative library was deleted and support for the ACE format was discontinued.

A vulnerability that has existed for over 19 years in the long-established compression and decompression software 'WinRAR' was discovered - GIGAZINE

In addition, Bleeping Computer, a news site familiar with security issues, said, ``Microsoft is testing native support for RAR, 7-Zip, and GZIP formats on Windows 11, and unless advanced features are required, third parties such as WinRAR No software required.'

7z tar gz is also added to the fact that the RAR compression format is natively supported on Windows after 30 years since its birth - GIGAZINE