VTV.vn - A significant vulnerability has been discovered in WinRAR, a compression tool used by millions of Windows users.
The vulnerability was identified by 'goodbyeselene,' an expert from the Zero Day Initiative, who reported it to RARLAB on June 8, 2023. According to security experts, the WinRAR vulnerability enables attackers to remotely execute commands on computers if users inadvertently open a file containing malicious code.

'The vulnerability lies in the decompression volume processing. This issue arises from improperly authenticated user-supplied data, causing memory access to exceed the allocated buffer limit,' stated the security expert.
Under the Common Vulnerability Scoring System (CVSS), the vulnerability's severity is rated 7.8. Deceiving users into opening compressed files to distribute malware is not a significant challenge, and WinRAR's extensive user base gives cybercriminals ample opportunities to exploit this security flaw successfully.
The vulnerability affects WinRAR versions 6.22 and earlier. RARLAB addressed it in version 6.23, released on August 3, 2023. Users should therefore promptly update to the latest version of WinRAR to mitigate any potential risks.
Previously, most Windows versions supported creating and extracting only the ZIP format. Users who wanted to open RAR or other formats often had to install additional third-party applications like WinRAR.
However, in May 2023, Microsoft announced that Windows 11 will natively support the standard RAR file compression format, ending the need for users to download and install additional third-party decompression software. According to Microsoft, because this is an open-source solution, the default tool in Windows 11 has many advantages over third-party applications.
