Customers are suggested to improve their WinRAR installations to repair two high-severity flaws that attackers may exploit to execute arbitrary code. The RAR archive format, which is related to WinRAR, has been abused and exploited by cybercriminals earlier than attributable to its lengthy historical past of utilization and recognition on the web.
Vulnerabilities may enable execution of malicious code
One of many vulnerabilities is tracked as CVE-2023-40477 and was discovered by a researcher utilizing the title goodbyeselene who reported it by Pattern Micro’s Zero Day Initiative (ZDI) program. It’s rated 7.7 on the CVSS scale, which correlates to excessive severity. “This vulnerability permits distant attackers to execute arbitrary code on affected installations of RARLAB WinRAR,” the ZDI advisory reads. “Consumer interplay is required to use this vulnerability in that the goal should go to a malicious web page or open a malicious file.”
The flaw is a buffer overflow situation that stems from the way in which WinRAR processes restoration volumes (.REV recordsdata). Restoration volumes are particular recordsdata that WinRAR creates when an archive is break up into a number of elements (volumes) and permits this system to reconstruct a lacking or broken file in a quantity set. The difficulty is brought on by improper validation of user-supplied knowledge in .REV recordsdata that can lead to reminiscence entry past the allotted buffer. This may be exploited to execute code within the context of the WinRAR course of.
The second vulnerability, talked about in the WinRAR 6.23 release notes, can result in the execution of the improper file when the person double clicks on an merchandise inside a specifically crafted archive. Andrey Polovinkin from Group-IB’s Risk Intelligence unit is credited with reporting this difficulty, nevertheless it’s not clear if he found it himself or discovered it being utilized in assaults.
Lengthy historical past of attackers exploiting RAR
The RAR archive format dates again to 1993 and gained widespread reputation due to its good compression ratio and its capacity to create break up archives — archives break up into smaller elements. This allowed the better distribution of huge recordsdata at a time within the early days of the web when community instability may simply consequence within the corruption of downloaded recordsdata.
RAR continues to be well-liked at present regardless of being a proprietary format and consequently Microsoft is testing native read-only help for it and different archive codecs like 7z in Home windows 11. Till that’s carried out, customers should depend on the WinRAR archive supervisor to create or unpack such archives, and in response to this system’s builders, over 500 million customers do.
