3/5/2024 0 Comments Instaling WinRAR 6.23![]() ![]() Though, in that particular case, POC exploit code was publicly available. What to do?Įasily exploitable WinRAR vulnerabilities do not surface often, but when they do, attackers take note.Ĭase in point: in 2019, a WinRAR vulnerability (CVE-2018-20250) that allowed attackers to extract a malicious executable to one of the Windows Startup folder has been exploited by attackers to deliver persistent malware. The main reason for this is that exploitation requires user interaction – but getting users to download and open a booby-trapped RAR file delivered via email or other means is not very difficult. The vulnerability can be exploited remotely and may allow attackers to execute code in the context of the current process, but the flaw’s CVSS score (7.8) does not single it out as critical. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer,” the Zero Day Initiative security advisory explains. “The specific flaw exists within the processing of recovery volumes. ![]() ![]() RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR.Ī widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip, UUE, ISO, BZIP2, Z and 7-Zip).ĬVE-2023-40477 is a remote code execution vulnerability that could allow remote threat actors to execute arbitrary code on an affected WinRAR installation. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |