CVE-2023-40477

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability

CVSS 7.8 HIGHEPSS 13.1%CWE-129

In short

WinRAR has a flaw in how it processes recovery volumes that fails to properly check array boundaries, allowing attackers to access memory beyond safe limits. If you open a malicious RAR file, an attacker could run arbitrary code on your computer.

Technical detail

This vulnerability exploits improper array index validation in RARLAB WinRAR's recovery volume processing, leading to an out-of-bounds buffer access. Remote code execution is achieved when a user opens a specially crafted RAR file; the attacker gains execution privileges within the WinRAR process context.

Summary generated and translated by AI from the official description.

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233.

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

RARLAB · WinRAR

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.debian.org/debian-lts-announce/2023/11/msg00009.html https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa https://www.zerodayinitiative.com/advisories/ZDI-23-1152/