WinRAR flaw lets hackers run programs when you open RAR archives - fixed in version 6.23

Gandalf_The_Grey
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.

The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened.

The vulnerability was discovered by researcher "goodbyeselene" of Zero Day Initiative, who reported the flaw to the vendor, RARLAB, on June 8th, 2023.

"The specific flaw exists within the processing of recovery volumes," reads the security advisory released on ZDI's site.

"The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer."

As a target needs to trick a victim into opening an archive, the vulnerability's severity rating drops down to 7.8, as per the CVSS.

However, from a practical perspective, deceiving users into performing the required action shouldn't be overly challenging, and given the vast size of WinRAR's user base, attackers have ample opportunities for successful exploitation.
 

Gandalf_The_Grey
WinRAR flaw lets hackers steal funds from broker accounts

WinRAR, a popular file archiver tool for Windows used by millions of people worldwide, has been found to have a vulnerability that allows hackers to steal funds from traders.

Cybersecurity company Group-IB tells TechCrunch about a zero-day vulnerability in WinRAR, which affects the processing of the ZIP file format by the archiving tool. For the unaware, a zero-day vulnerability is a flaw in a system or device that has been disclosed but is yet to be patched.

The vulnerability apparently lets hackers hide malicious scripts in archive files that appear to be harmless, such as JPEG images or text files.

Once a targeted user opens the malicious file, the hackers can gain access to their computer and steal their personal information, including financial account credentials. In the case of traders, this allows hackers to make unauthorized trades or withdraw funds from their victims' accounts.

Devices of at least 130 traders are reported to be infected; however, there seems to be no news about the financial losses yet. Notably, one victim told Group-IB researchers that the hackers attempted to withdraw their money but couldn't pull it off.

The outlet says hackers have been using this vulnerability since April to spread malicious ZIP archives on specialist trading forums. These harmful ZIP files have appeared on at least eight public forums that discuss various trading, investment, and cryptocurrency topics, according to the source. However, the names of these forums have not been revealed.

The cybersecurity firm is said to have reported the vulnerability, designated CVE-2023-38831, to WinRAR maker Rarlab, which released the fix in WinRAR version 6.23 on August 2nd.
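A defender-side triage script for the two advisories in this thread, added here as an example and not part of either post or of RARLAB's software. It checks whether a WinRAR version string is at or above 6.23 (the release the posts name as the fix for both CVE-2023-40477 and CVE-2023-38831) and lists ZIP members that deserve a second look before an archive is opened: script or executable members, a double extension that hides an executable behind an image or text name, and member names ending in whitespace. The heuristics, extension lists and the in-memory sample archive are constructed assumptions for this example, not the exact trigger conditions of either vulnerability.

```python
import io
import re
import zipfile

# Constructed lists for this example: member types that run code when opened on
# Windows, and the "harmless-looking" types the article mentions (images, text).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".vbe", ".js",
                   ".jse", ".wsf", ".ps1", ".hta", ".lnk", ".msi", ".dll"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".txt", ".pdf", ".doc", ".docx"}

# Both CVE-2023-40477 and CVE-2023-38831 are fixed in 6.23 according to the posts above.
FIXED_VERSION = (6, 23)


def parse_version(text: str) -> tuple:
    """Extract major.minor from a version string such as '6.22' or 'WinRAR 6.23 x64'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no major.minor version in {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_patched(text: str) -> bool:
    """True when the reported WinRAR version is 6.23 or later."""
    return parse_version(text) >= FIXED_VERSION


def _basename(member: str) -> str:
    # ZIP member names use '/' as the separator regardless of platform.
    return member.rsplit("/", 1)[-1]


def _ext(name: str) -> str:
    i = name.rfind(".")
    return name[i:].lower() if i >= 0 else ""


def suspicious_members(data: bytes) -> list:
    """Return (member_name, reason) pairs for ZIP entries worth a second look.

    Heuristics (assumptions for this example, not the CVE trigger conditions):
      * the member runs code when double-clicked (script/executable extension)
      * a decoy extension is followed by an executable one ('chart.jpg.cmd')
      * the member name ends in whitespace, which hides its real extension in
        listings and confuses extension-based filters ('photo.jpg ')
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            raw = _basename(info.filename)
            name = raw.rstrip()
            ext = _ext(name)
            if ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable or script member"))
                parts = name.split(".")
                if len(parts) > 2 and "." + parts[-2].strip().lower() in DECOY_EXTS:
                    findings.append((info.filename, "decoy extension before executable one"))
            if raw != name:
                findings.append((info.filename, "trailing whitespace in member name"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed in-memory ZIP: two clean members and two that trip the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "quarterly notes\n")
        zf.writestr("chart.jpg", b"\xff\xd8\xff\xe0 not a real jpeg")
        zf.writestr("chart.jpg.cmd", "rem constructed sample, does nothing\r\n")
        zf.writestr("photo.jpg ", b"\xff\xd8\xff\xe0 trailing space in name")
    return buf.getvalue()


if __name__ == "__main__":
    for ver in ("WinRAR 6.22", "WinRAR 6.23 x64"):
        print(f"{ver}: {'patched' if is_patched(ver) else 'UPDATE'}")
    for member, reason in suspicious_members(build_sample_archive()):
        print(f"  {member!r}: {reason}")
```

Run against a real archive with `suspicious_members(open(path, "rb").read())`; the version string can be taken from the installed binary's properties or the About dialog. A hit is a reason to inspect the archive in a sandbox rather than proof of malice, and a clean listing does not substitute for updating to 6.23 or later.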
 
