A flaw has been disclosed in the WinRAR utility that allows attackers to gain remote code execution.
The vulnerability, tracked as CVE-2023-40477, was discovered by a security researcher who goes by the alias goodbyeselene.
He describes the flaw in terms of its severity and impact.
An attacker can leverage this vulnerability to execute code in the context of the current process.
A security researcher named Ivanhoe found the flaw and reported it to the company responsible for the utility on June 8, 2023. The company describes the problem as a case of improper validation while processing recovery volumes.
An attacker can also benefit from this vulnerability because it enables them to write arbitrary code without having to wait for an appropriate buffer size.