WinRAR flaw lets hackers run programs when you open RAR archives
18-Aug-23
WinRAR, the well-known file archiver program for Windows used by millions, has a high-severity flaw that can run instructions on a machine just by opening an archive. On June 8th, 2023, researcher “goodbyeselene” of the Zero Day Initiative found the vulnerability and notified vendor RARLAB of it.
A specifically constructed RAR file must be opened in order to exploit the weakness, which is logged as CVE-2023-40477, which might let remote attackers arbitrary code execution on the victim machine. The security advice posted on ZDI’s website states that the processing of recovery volumes has the specific issue.
