How to Fix CVE-2023-40477- A Remote Code Execution Vulnerability in WinRAR?

A high-severity vulnerability has recently been disclosed in the popular WinRAR compression software that could allow remote code execution on targeted Windows systems. Tracked as CVE-2023-40477, the vulnerability has a CVSS score of 7.8, making it a high-risk issue that should be addressed immediately by users of the software. In this blog, we will take a look at the details of the vulnerability, its impact, and, most importantly, how WinRAR users can update to the latest version to mitigate the security risk. Let’s see how to fix CVE-2023-40477, a remote code execution vulnerability in WinRAR, in this blog post.

CVE-2023-40477 is a remote code execution flaw that was discovered by security researcher Goodbyeselene and reported to WinRAR on June 8, 2023. The vulnerability was made public on August 2, 2023 after a patch had been released by WinRAR.

A Short Note About WinRAR

For the uninitiated, WinRAR is one of the most popular file-archiving utilities for Windows users. It provides an easy way to compress and decompress files in various formats, including RAR, ZIP, 7Z, ISO, and more. WinRAR has been around for over 25 years and continues to be widely used given its ability to create compressed archives that are split over multiple volumes as well as encrypted and password-protected archives. It also integrates easily with Windows Explorer, allowing users to compress or decompress files without opening WinRAR.

Summary of CVE-2023-40477

As per the ZDI advisory, the remote code execution vulnerability arises from insufficient validation of user-supplied data while processing recovery volumes in the RAR file format.

Recovery volumes are used to split large RAR archives into manageable-sized volumes that can be easily transmitted or stored. The vulnerability allows a threat actor to create a malicious recovery volume that triggers out-of-bounds memory access when processed by WinRAR. This memory corruption can then be further exploited to achieve arbitrary code execution.

By convincing a user to open a malicious RAR recovery volume through social engineering, an attacker can exploit this flaw to execute malicious payloads on the target’s machine in the context of the WinRAR process. This provides an avenue for privilege escalation, installation of backdoors, exfiltration of sensitive data and lateral movement within compromised networks.

WinRAR Versions Affected

According to WinRAR’s security advisory, all versions prior to v6.23 are affected by the vulnerability. This includes:

Users of the above WinRAR versions are highly recommended to upgrade immediately to mitigate the risk arising from this high-severity code execution vulnerability.

How to Fix CVE-2023-40477 – Update WinRAR to v6.23?

Creator of the Video:

WinRAR v6.23 and above include fixes for CVE-2023-40477 and should be installed to fully mitigate the security risk. Upgrading is straightforward – simply download the latest version from the official website and install it on your Windows PC. Your existing WinRAR settings and licenses will be retained after upgrading to the new version.

Here are the step-by-step instructions to securely update WinRAR:

With this, you have successfully updated WinRAR and mitigated the CVE-2023-40477 remote code execution vulnerability. We recommend uninstalling old WinRAR versions to ensure they are not accidentally used again in the future. For enhanced security, routinely check for WinRAR updates and always update to the latest version as soon as a new release is available.

Wrong File Launch Bug: In addition to fixing this critical flaw, WinRAR v6.23 also addresses a second vulnerability reported by Andrey Polovinkin of Group-IB. This flaw could allow WinRAR to launch the wrong file when a user double-clicks a specially crafted archive.

This vulnerability could allow attackers to trick WinRAR into launching a malicious executable instead of the intended file when a user extracts and opens a specially crafted archive. By embedding malicious files masked under legitimate file names, an attacker can hijack file launches to execute arbitrary code.

Both flaws provide an avenue for privilege escalation, installation of backdoors, data exfiltration, and lateral movement within compromised networks.

The Bottom Line

CVE-2023-40477 demonstrates that even mature, widely used software like WinRAR can harbor latent vulnerabilities that can be exploited via malicious files. This reinforces the need for developers to adopt secure coding practices and perform extensive security testing before releasing software. For users, it highlights the importance of prompt patching and the risks of using outdated software versions beyond their support lifetimes. As the saying goes, better safe than sorry – always keep your software updated!

We hope this post helped you know how to fix CVE-2023-40477, a remote code execution vulnerability in WinRAR. Please share this post if you find this interested. Visit our website thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive updates like this.