
Critical WinRAR vulnerability allows malicious code execution

A vulnerability has been found in the WinRAR file archiving programme that allows attackers to execute malicious code. Updating to the latest version of the tool fixes the vulnerability.
A researcher from the Zero Day Initiative (ZDI) has found a serious vulnerability in the WinRAR file archiving programme. It allows an attacker to use a prepared RAR file to execute arbitrary code on the target system. For the attack to work, the victim must open the archive. The vulnerability was discovered by the security specialist "goodbyeselene", who reported it to the software provider RARLAB on 8 June 2023.
ZDI describes how the vulnerability works: "The issue results from the lack of proper validation of user-supplied data, which can lead to memory access that extends beyond the end of an allocated buffer. An attacker can exploit this vulnerability to execute code in the context of the current process."
RARLAB has responded and fixed the vulnerability with its latest WinRAR version 6.23. Users of the programme should install the update as soon as possible.
Cover image: Martin Jud
