Attackers Abuse WinRAR Vulnerability To Run Programs When User Opens RAR Archive

A critical WinRAR vulnerability (CVE-2023-40477) has been patched. This flaw allows attackers to execute commands on a system by simply opening a crafted RAR file. The issue, found by researcher "goodbyeselene," stems from inadequate validation of user data during recovery volume processing. Although a victim must be lured into opening the archive, the significant user base of WinRAR increases the risk of successful attacks. While its CVSS severity is 7.8, practical exploitation remains likely due to the wide user reach. Read more...