"New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC"
A high-severity security vulnerability has been found in the WinRAR utility, which a threat actor could exploit for Remote Code Execution (RCE) on Windows systems. The vulnerability, tracked as CVE-2023-40477 with a CVSS score of 7.8, stems from improper validation while processing recovery volumes. According to the Zero Day Initiative (ZDI), the vulnerability is caused by improper validation of user-supplied data, which can lead to memory access beyond the end of an allocated buffer. This vulnerability allows an attacker to execute code in the context of the current process. Successful exploitation of the vulnerability requires user interaction, as the target must be lured to a malicious website or tricked into opening a booby-trapped archive file. This article continues to discuss findings regarding the new WinRAR vulnerability.
THN reports "New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC"