WinRAR flaw lets hackers run programs when you open RAR archives (www.bleepingcomputer.com)

submitted 1 year ago by tedu@azorius.net to c/cybersecurity@infosec.pub

4 comments fedilink hide all child comments

The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened.

RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477.

https://www.zerodayinitiative.com/advisories/ZDI-23-1152/

top 4 comments

sorted by: hot top controversial new old

[-] TheAgeOfSuperboredom@lemmy.ca 9 points 1 year ago

People still use WinRAR? Does it offer anything more than 7-zip?

[-] lnxtx@feddit.nl 3 points 1 year ago

Yes, many people in an office environment. Just habit like the Total Commander :|

Back in the time, it offered much better compression ratio than popular (Win)Zip. And it has SFX feature.

[-] Never_Sm1le@lemdro.id 2 points 1 year ago

For people compressing things a lot, winrar is much more productive than 7z. I can easily set up default profile in winrar (best compression quality + delete files after archiving) but can't do this with 7z

[-] nickwitha_k@lemmy.sdf.org 3 points 1 year ago

tar with pigz for compressiom is a lifesaver for large archives.

this post was submitted on 19 Aug 2023

38 points (100.0% liked)

cybersecurity

3155 readers

7 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub