The vulnerability, which is identified as CVE-2023-40477, allows hackers to execute arbitrary code when a target opens a malicious RAR archive. Because this specific exploit requires user interaction (you must open a malicious archive), it has received a CVSS severity rating of 7.8.

According to Zero Day Initiative's public warning, "this issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer." RARLAB says that the flaw is located in WinRAR's "recovery volumes processing code," but doesn't elaborate any further.

- extracting individual files from solid archives created by RAR versions older than 2.0 could fail in WinRAR 6.20 and 6.21. It didn't affect extracting the entire archive, which was performed correctly.
- files in Unix ARJ archives could be erroneously displayed as folders in WinRAR file list.
- "Display files in Explorer" extraction option was ignored if "When done: Close WinRAR" option was also set and archive was opened in WinRAR before extracting.
- file size value in the internal viewer status bar didn't include the byte order mask field, displaying a smaller than actual size for Unicode files.

WinRAR is an archiving utility that completely supports RAR and ZIP archives and is able to unpack CAB, ARJ, LZH, TAR, GZ, UUE, BZ2, JAR, ISO, 7Z, Z archives. It consistently makes smaller archives than the competition, saving disk space and transmission costs. WinRAR offers you the benefit of industry strength archive encryption using AES (Advanced Encryption Standard) with a key of 128 bits. It supports files and archives up to 8,589 billion gigabytes in size. It also offers the ability to create self extracting and multi volume archives. With recovery record and recovery volumes, you can reconstruct even physically damaged archives.