A security researcher working with Trend Micro's Zero Day Initiative has identified a vulnerability in the WinRAR file archiver utility for Windows that could allow an attacker to run arbitrary code on a computer merely by getting the user to open a crafted archive.
WinRAR, a widely used file compression and archival tool for Windows, was found to have a high-severity vulnerability, tracked as CVE-2023-40477 with a CVSS score of 7.8. CVSS scores are computed from metrics in three groups (Base, Temporal and Environmental) on a scale from zero (least severe) to 10 (most severe); 7.8 falls in the "High" band (7.0 to 8.9). The flaw enables execution of arbitrary code on a computer when a specially crafted RAR archive is opened. "Remote" here means the attacker needs no prior access to the machine, not that the flaw can be triggered over the network: the attacker has to deliver the archive and the victim has to open it.
Risk of Arbitrary Code Execution
The vulnerability is rooted in the code that processes recovery volumes. It arises from insufficient validation of user-supplied data, which in this setting means attacker-controlled bytes inside the archive itself: a length or offset read from the file is used before it is checked, so the code can access memory past the end of an allocated buffer.
The flaw was brought to the attention of RARLAB on June 8th, 2023, by a researcher known as "goodbyeselene" from the Zero Day Initiative. As described in ZDI's advisory, the "vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is essential for exploiting this vulnerability, meaning the target must either visit a malicious webpage or open a harmful file. The specific flaw is present within the processing of recovery volumes. The problem stems from the inadequate validation of data provided by users, which can lead to accessing memory beyond the allocated buffer. An attacker can exploit this flaw to execute code within the context of the ongoing process."
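The bug class described above (a length field taken from the file and used for a memory access before it is checked against the bytes actually present) is easy to reproduce in miniature. The following C program is an added illustration written for this page; it is not WinRAR's code and the "recovery record" layout, the field names and the parse functions are all constructed for the example. It places a truncated record at the start of a larger buffer filled with 0xCC so that the over-read stays inside memory we own and can be measured; in a real process those bytes would belong to a neighbouring allocation or to an unmapped page.

```c
/* Added example, not WinRAR's code. Toy "recovery record" layout (constructed):
 *   bytes 0-1 : magic 'R','V'
 *   bytes 2-3 : payload length, little-endian uint16
 *   bytes 4.. : payload
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_PAYLOAD 64
#define SANDBOX_SIZE 128

struct recovery_record {
    uint16_t payload_len;
    uint8_t  payload[MAX_PAYLOAD];
};

static uint16_t read_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable pattern: the declared length is capped against the destination
 * buffer (so 'out' is not overflowed), but nothing checks that the input
 * actually contains that many bytes, so memcpy reads past the record.
 * Returns 0 on (apparent) success, -1 on a rejected record. */
int parse_record_vulnerable(const uint8_t *in, struct recovery_record *out)
{
    if (in[0] != 'R' || in[1] != 'V')
        return -1;
    uint16_t len = read_le16(in + 2);
    if (len > MAX_PAYLOAD)
        return -1;
    memcpy(out->payload, in + 4, len);      /* over-read when the data ends early */
    out->payload_len = len;
    return 0;
}

/* Hardened pattern: the parser carries the real input size and checks every
 * file-derived length against both the remaining input and the destination
 * capacity before using it for any memory access. */
int parse_record_hardened(const uint8_t *in, size_t in_len,
                          struct recovery_record *out)
{
    if (in_len < 4)
        return -1;                          /* header itself is incomplete */
    if (in[0] != 'R' || in[1] != 'V')
        return -1;
    uint16_t len = read_le16(in + 2);
    if (len > MAX_PAYLOAD)
        return -1;
    if (len > in_len - 4)
        return -1;                          /* declared length exceeds data present */
    memcpy(out->payload, in + 4, len);
    out->payload_len = len;
    return 0;
}

/* Constructed input: a record that claims 32 payload bytes but carries 4. */
static const uint8_t truncated_record[] = { 'R', 'V', 32, 0, 'a', 'b', 'c', 'd' };
/* Constructed input: the same data with an honest length of 4. */
static const uint8_t valid_record[]     = { 'R', 'V', 4, 0, 'a', 'b', 'c', 'd' };

/* Runs the vulnerable parser on the truncated record inside a 0xCC-filled
 * sandbox and returns how many copied bytes came from outside the record. */
int demo_over_read(void)
{
    uint8_t sandbox[SANDBOX_SIZE];
    memset(sandbox, 0xCC, sizeof sandbox);
    memcpy(sandbox, truncated_record, sizeof truncated_record);

    struct recovery_record rec;
    if (parse_record_vulnerable(sandbox, &rec) != 0)
        return -1;
    int leaked = 0;
    for (int i = 0; i < rec.payload_len; i++)
        if (rec.payload[i] == 0xCC)
            leaked++;
    return leaked;                          /* 28: neighbouring memory entered the record */
}

/* The hardened parser must reject the truncated record and accept the valid one. */
int demo_hardened_rejects_truncated(void)
{
    struct recovery_record rec;
    return parse_record_hardened(truncated_record, sizeof truncated_record, &rec);
}

int demo_hardened_accepts_valid(void)
{
    struct recovery_record rec;
    if (parse_record_hardened(valid_record, sizeof valid_record, &rec) != 0)
        return -1;
    return (rec.payload_len == 4 && memcmp(rec.payload, "abcd", 4) == 0) ? 0 : -1;
}

int main(void)
{
    printf("vulnerable parser pulled %d bytes from outside the record\n", demo_over_read());
    printf("hardened parser on truncated record: %d (expect -1)\n", demo_hardened_rejects_truncated());
    printf("hardened parser on valid record: %d (expect 0)\n", demo_hardened_accepts_valid());
    return 0;
}
```

The only difference between the two parsers is that the hardened one knows how much input exists and compares the file-derived length against it before the copy. Where the over-read lands on heap memory that the attacker can shape with other archive contents, the result is an information leak or a corrupted later step rather than a clean crash, which is why this class of bug is rated as code execution rather than denial of service.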
To address this vulnerability, RARLAB has released WinRAR version 6.23. Users are urged to update promptly, and WinRAR does not update itself: the new build has to be downloaded and installed (or pushed through software-management tooling), after which the installed version can be confirmed under Help > About WinRAR. Any installation older than 6.23 remains exploitable.
Windows 11 Supports RAR Without WinRAR
Windows 11 now supports RAR and several other archive formats natively, including tar, 7-zip and gz, starting with Windows 11 Insider Preview Build 23493. The added support comes from integrating the open-source libarchive project, which Microsoft says also improves the performance of archive handling during compression and decompression. The new formats integrate with File Explorer, and such files appear with the same zipped-folder icon as ".zip" files. This does not, however, remove the exposure on a machine that already has WinRAR installed: while WinRAR remains the registered handler for .rar files, double-clicking an archive still opens it in WinRAR, so the 6.23 update is needed regardless. libarchive is also a separate parser with its own security history, so the native handler replaces one attack surface with another rather than eliminating it.