For reference, RARLAB and Zero Day Initiative have only revealed the existence of this exploit; they haven't explained exactly how it is performed. At the time of writing, there is no evidence that hackers have exploited CVE-2023-40477 in the real world, though this may change as the vulnerability has become public knowledge. It isn't a "critical" vulnerability, but if you're the kind of person who downloads random RAR archives from seedy websites, you should take this very seriously.

According to Zero Day Initiative's public warning, "this issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer." RARLAB says that the flaw is located in WinRAR's "recovery volumes processing code," but doesn't elaborate any further. Because this specific exploit requires user interaction (you must open a malicious archive), it has received a CVSS severity rating of 7.8.

RAR files can usually compress content by 8 to 15 percent more than ZIP files. It has a unique compression algorithm that compresses multimedia files, executables, and object libraries particularly well.

The vulnerability, which is identified as CVE-2023-40477, allows hackers to execute arbitrary code when a target opens a malicious RAR archive.

Free Download WinRAR full version installer + Portable for Windows PC.