High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs

Posted on August 22, 2023 at 12:23 PM


A recently disclosed high-severity vulnerability affects the WinRAR file archiver utility for Windows. WinRAR is used by millions of people, and the flaw can be exploited to execute commands on a computer when a user opens a specially crafted archive.

WinRAR flaw allows hackers to assume control over PCs

The flaw, tracked as CVE-2023-40477, allows remote attackers to execute arbitrary code on the targeted system. Exploitation occurs when the victim opens a RAR file that the attackers have specially crafted for that purpose.

The vulnerability was discovered by a researcher known as “goodbyeselene” working with Trend Micro's Zero Day Initiative (ZDI). The researcher reported it to the vendor, RARLAB, on June 8, 2023, giving the vendor time to address the flaw and issue a patch before public disclosure.

The security advisory published on the ZDI site states that the vulnerability lies in the processing of recovery volumes. The root cause is a lack of proper validation of user-supplied data, which can lead to memory access past the end of an allocated buffer.

Exploitation requires user interaction: the attacker must trick the victim into opening an archive, typically by delivering it with a convincing lure message. Because of this, the flaw carries a CVSS severity score of 7.8 (high) rather than a critical rating, but it can still cause serious harm to targeted systems.

Hacking campaigns have long relied on deceiving users into performing a given action. Phishing campaigns are usually not difficult to mount, as the attacker's only task is to craft a message that appears to originate from an authentic source.

In the case of WinRAR, deceiving users is equally uncomplicated, given the software's large user base. Attackers have many opportunities to mount a successful campaign against the intended systems, as long as the target visits a malicious page or opens a malicious file.

“The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process,” the security advisory said.

RARLAB patches the flaw

RARLAB has released WinRAR version 6.23, issued on August 2, 2023, to patch the flaw tracked as CVE-2023-40477. WinRAR users are advised to apply the available security update to close the issue.

The update fixes several issues. It corrects the RAR4 recovery volume processing code, and it also addresses a separate issue with specially crafted archives that results in the wrong file being started. That second flaw is also rated as high severity.

This development also comes as WinRAR is becoming less essential on Microsoft platforms: the company is currently testing native support for RAR, 7-Zip, and GZ files in Windows 11.

Once that support ships, third-party software such as WinRAR will no longer be needed except where advanced features are required. This lowers the risk of such campaigns succeeding against Windows systems that rely on the native support instead.

Users who still depend on WinRAR must keep the software updated. Attackers have discovered and abused similar flaws in the past to install malware that was later used in further campaigns.

Flaws in WinRAR are relatively rare. When attacks exploiting them do occur, security researchers are usually quick to notice and take the appropriate steps to mitigate the risk and limit the impact of the campaign.

In 2019, a WinRAR security flaw tracked as CVE-2018-20250 allowed threat actors to extract a malicious executable into a Windows Startup folder, and attackers ran a campaign exploiting it to deliver persistent malware. In that case, proof-of-concept exploit code was also publicly available.

To prevent such campaigns from succeeding, users should treat any unexpected or suspicious files they receive with caution and scan them for malware before opening them.
