Severe user-discovered WinRAR vulnerability Zero Day Initiative can allow hackers to run arbitrary code on your PC. Users must install the latest WinRAR update (version 6.23) to fix this vulnerability. The application does not offer automatic updates, so this version it must be installed manually.

WinRAR is one of the proper names in file compressors/decompressors. It is part of a type of software specialized in manipulation of compressed files (to understand it in a simple way, those that group others in it) and their main goal is to save storage space, as well as to improve the organization of files and facilitate their distribution on the Internet. In fact, it is widely used on the Internet by networks.

Although ZIP is still the most famous and used, its very high level of compression and its enormous performance when working with files in RAR format make it a must-have for many users, even though it is a commercial and closed application. Let’s say Microsoft wants to add native support for RAR files in Windows 11 using the open source tools available in the libarchive project.

WinRAR vulnerability

Identified as CVE-2023-40477, it allows hackers to execute arbitrary code and take full control of the computer when the target opens a malicious RAR file. According to the public warning of the Zero Day Initiative “This issue is caused by a lack of proper validation of user-supplied data, which may lead to memory being accessed beyond the end of the allocated buffer”.

ZDI privately created the exploit as a proof of concept. At the moment there is no evidence of hackers exploiting this, although once the information is released wouldn’t it be weird if it got to the “bad people”. WinRAR has also been affected by similar vulnerabilities in the past, and while the lack of automatic software updates is great for the IT department, it has proven to be a pain in the ass for average users who don’t get update information. And even worse; most users are using the trial version which is probably outdated and vulnerable.

The RARLAB vendor confirmed the vulnerability and explained that the bug is in the “restore volume processing code” request but did not provide further details. Fortunately, there is already a solution. If you are using this app, you need to manually download and install version 6.3 from the official site.

Don’t let it! Compressed files have been the preferred source of malware spread in the past because they are easier to disguise and not all antivirus programs can detect them.