WinRAR flaw lets hackers run programs when you open RAR archives


WinRAR, the well-known file archiver program for Windows used by millions, has a high-severity flaw that can run instructions on a machine just by opening an archive. On June 8th, 2023, researcher “goodbyeselene” of the Zero Day Initiative found the vulnerability and notified vendor RARLAB of it.

A specifically constructed RAR file must be opened in order to exploit the weakness, which is logged as CVE-2023-40477, which might let remote attackers arbitrary code execution on the victim machine. The security advice posted on ZDI’s website states that the processing of recovery volumes has the specific issue.

Read More…