WinRAR? Update immediately

Do you use the WinRAR application? Its developers have fixed a critical code execution vulnerability (CVE-2023-40477) in the software, and you should update immediately.


WinRAR is a file archiver that runs on Windows and is used by millions of users. The program can be used to create files in RAR or ZIP archive format, but also to decompress many archive file formats. To allow the user to verify the integrity of files, WinRAR uses CRC32 or BLAKE2 checksums for each file.

However, older versions of the program contain a highly problematic vulnerability. The problem was discovered by the Zero Day Initiative, which reported the vulnerability in this post from August 17, 2023.

CVE-2023-40477 (RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability) is listed with a CVSS score of 7.8 because it allows code execution: remote attackers can execute arbitrary code on affected RARLAB WinRAR installations. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file.

The vulnerability exists in the processing of recovery volumes and results from a lack of proper data validation. This can lead to memory access beyond the bounds of an allocated buffer. An attacker could exploit this vulnerability to run code under the current d.

RARLAB has released an update to fix the problem.


Written by giorgos
