Summary WinRAR vuln could allow code to run when files are opened • The Register www.theregister.com
One Line
WinRAR users are advised to update their software: a flaw in the way WinRAR handles file extraction allows code execution through manipulated RAR files.
Key Points
- WinRAR has a vulnerability that allows code to run when a user opens a RAR file.
- The vulnerability is due to a lack of full validation of user-supplied data when opening an archive file.
- The vulnerability has been assigned the CVE record CVE-2023-40477.
- The vulnerability has a CVSS severity rating of 7.8 (high).
- A new version of WinRAR, version 6.23, has been released to fix the bug.
- The updated version of WinRAR also fixes several other flaws.
- Microsoft announced support for RAR files in Windows, along with other archive formats.
- WinRAR is a shareware product that can be used for free for up to 40 days before purchasing a license.
Summaries
31 word summary
WinRAR users should update their software due to a vulnerability (CVE-2023-40477) that allows code execution when opening a manipulated RAR file. The flaw is related to how WinRAR handles file extraction.
81 word summary
Users of WinRAR, a popular compression and archiving tool, are advised to update their software to avoid a vulnerability that allows code to run when opening a RAR file. The flaw, assigned the CVE record CVE-2023-40477,
A vulnerability in the popular file compression software WinRAR has been discovered that could allow an attacker to execute code when a user opens a manipulated file. The vulnerability is related to how WinRAR handles the extraction of files, and if exploited, an attacker could