26 C
Mumbai
Sunday, March 3, 2024
HomeCyber AttacksNew WinRAR Vulnerability Could Allow Hackers to Take Control of Your desktop

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your desktop

Date:

Related stories

Remote Access Trojan (RAT): Their Types, Mitigation & Removal

Remote Access Trojan (RAT): Their Types, Mitigation & Removal Post...

Chinese Hackers Exploited Barracuda’s ESG Appliances

Chinese Hackers Exploited Barracuda's ESG Appliances Barracuda has revealed that...

China-Linked Budworm Targeting Middle Eastern Telco & Asian Government Agencies

China-Linked Budworm Targeting Middle Eastern Telco & Asian Government...

Most Important Cyber Security Tips 2023

Most Important Cyber Security Tips 2023 Important Cyber Security Security...

Every Business Owner 10 Essential Cybersecurity Facts Must Know

Every Business Owner 10 Essential Cybersecurity Facts Must Know In...

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your desktop

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems.

Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.

“The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer,” the Zero Day Initiative (ZDI) said in an advisory.

“An attacker can leverage this vulnerability to execute code in the context of the current process.”

Successful exploitation of the flaw requires user interaction in that the target must be lured into visiting a malicious page or by simply opening a booby-trapped archive file.

A security researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. The issue has been addressed in WinRAR 6.23 released on August 2, 2023.

“A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code,” the maintainers of the software said.

The latest version also addresses a second issue wherein “WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive.” Group-IB researcher Andrey Polovinkin has been credited for reporting the problem.

Users are recommended to update to the latest version to mitigate potential threats.

Technogeek Online
Technogeek Onlinehttps://technogeek.online
Technogeek Online mission is to be a digital for technical decision-makers to gain knowledge about transformative technology. We deliver essential information on cyber technologies and strategies to guide you as you lead your organizations. We are inviting you to become a member of our community.

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

LEAVE A REPLY

Please enter your comment!
Please enter your name here