The libraries unrar.dll and unrar64.dll, used by third-party applications, are also vulnerable. While it may still make sense to update these to the latest version, the reported security issue can't be exploited in third-party programs that utilize these libraries. Update: we confirmed with WinRAR that the two DLL files are not vulnerable to the security issue. The update to WinRAR 6.23 addresses the vulnerability and WinRAR users should install the update as soon as possible to protect their devices against potential exploits of the vulnerability. The issue, which is identified as CVE-2023-40477, is a high-severity vulnerability found in the processing of recovery volumes. The downloading of such a specially crafted archive and the opening of it on the user's system is sufficient to allow attackers to execute arbitrary code on the device. Users who open specially crafted WinRAR archives on their devices may fall pray to the attack. Malicious actors can exploit the vulnerability to execute code on devices that run earlier versions of WinRAR. The release included a security fix that addressed a major out of bounds issue. The developers of WinRAR released version 6.23 of the popular archiving software earlier this month.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |