![]() ![]() ![]() Users are recommended to update to the latest version to mitigate potential threats. If you aren’t sure whether to download the 32-bit or 64-bit version, type About Your PC in the Windows search bar and open the System Settings. Choose the version (32-bit or 64-bit) and the language you want to install. The latest version also addresses a second issue wherein "WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive." Group-IB researcher Andrey Polovinkin has been credited for reporting the problem. Click the DOWNLOAD button to visit RARLABS. "A security issue involving out of bounds write is fixed in RAR4 recovery volumes processing code," the maintainers of the software said. The issue has been addressed in WinRAR 6.23 released on August 2, 2023. Successful exploitation of the flaw requires user interaction in that the target must be lured into visiting a malicious page or by simply opening a booby-trapped archive file.Ī security researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. "An attacker can leverage this vulnerability to execute code in the context of the current process." "The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer," the Zero Day Initiative (ZDI) said in an advisory. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |