Critical Vulnerability Patched in Popular WinRAR Software


A recently discovered security vulnerability in the widely used WinRAR archiving software could allow attackers to execute arbitrary code on users' systems. The issue has been addressed in a new version released by WinRAR. The vulnerability, tracked as CVE-2023-40477, poses a significant risk.

Key Details

The critical vulnerability, an out-of-bounds write, was first reported on June 8 by the Zero Day Initiative to Rarlab, the developer behind WinRAR. The flaw stems from improper validation of user-supplied data by the software.

WinRAR has since released version 6.23 on August 2, resolving the issue. Last week, the Zero Day Initiative publicly disclosed the details of the vulnerability.

Zero Day Initiative’s Role

The Zero Day Initiative (ZDI) rewards researchers for reporting vulnerabilities in a variety of software and promptly informs the respective developers, enabling them to issue timely updates. This practice ensures that security risks are mitigated before they can be widely exploited.

Additional Fixes in Version 6.23

In addition to patching the out-of-bounds write vulnerability, WinRAR 6.23 also addresses a bug that could launch incorrect files when users clicked on a file within a specially crafted archive.

Historical Exploits

WinRAR’s vulnerabilities have been actively exploited in the past, making it a point of concern for cybersecurity professionals, threat hunters, and CISOs. Given the software’s popularity, it becomes a prime target for cyber-attacks.

Download the Patch

Users are strongly encouraged to download the latest version of the software from Rarlab’s official website to ensure their systems are protected against potential CVE-2023-40477 exploits.
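For administrators who need to confirm the update across managed Windows hosts, the following PowerShell check is an added example (not from the article or from Rarlab) that reports whether the installed WinRAR is at least 6.23, the release that fixes CVE-2023-40477. It assumes WinRAR registers under the standard Uninstall registry keys with a DisplayName beginning "WinRAR" and that WinRAR.exe carries a file version.

```powershell
# Added example: flag WinRAR installs older than 6.23 (fix for CVE-2023-40477).
# Assumptions: WinRAR appears under the standard Uninstall keys with a
# DisplayName starting "WinRAR"; WinRAR.exe in InstallLocation has a FileVersion.
$Fixed = [version]'6.23'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' }

if (-not $entries) {
    Write-Output 'WinRAR not found in the Uninstall registry keys.'
    return
}

foreach ($e in $entries) {
    # Prefer the version stamped on the binary itself; fall back to the
    # registry DisplayVersion when the install path is missing or unreadable.
    $exe = if ($e.InstallLocation) { Join-Path $e.InstallLocation 'WinRAR.exe' }
    $raw = if ($exe -and (Test-Path $exe)) {
        (Get-Item $exe).VersionInfo.FileVersion
    } else {
        $e.DisplayVersion
    }

    # Normalise strings such as "6.23.0" or "6.22" into a [version] so that
    # the comparison is numeric rather than lexical ("6.9" vs "6.23").
    $parsed = $null
    $clean = ($raw -replace '[^\d\.]', '')
    if (-not [version]::TryParse($clean, [ref]$parsed)) {
        Write-Output "$($e.DisplayName): could not parse version '$raw'"
        continue
    }

    $status = if ($parsed -ge $Fixed) {
        'patched'
    } else {
        'VULNERABLE: update to WinRAR 6.23 or later'
    }
    Write-Output "$($e.DisplayName) $parsed ($($e.InstallLocation)): $status"
}
```

Run it through your endpoint management tool or remoting to collect results fleet-wide; any host reporting VULNERABLE should be updated from Rarlab's official site.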

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolstering digital defenses and promoting cyber awareness.
