Welcome back to this month’s security in review. The world of security is always moving and evolving, with vulnerabilities, breaches and new guidance being released every day. The volume and complexity of some of these can sometimes be overwhelming and difficult to keep track of. Due to missing last month’s review, this slightly extended article merges August and September into one piece to cover the most prominent stories from both so that together we can stay cyber secure.

The vulnerability, which is identified as CVE-2023-40477, allows hackers to execute arbitrary code when a target opens a malicious RAR archive. According to Zero Day Initiative's public warning, "this issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer." RARLAB says that the flaw is located in WinRAR's "recovery volumes processing code," but doesn't elaborate any further. For reference, RARLAB and Zero Day Initiative have only revealed the existence of this exploit - they haven't explained exactly how it is performed.

Because this specific exploit requires user interaction (you must open a malicious archive), it has received a 7.8 severity rating from the CVSS. It isn't a "critical" vulnerability, but if you're the kind of person who downloads random RAR archives from seedy websites, you should take this very seriously. At the time of writing, there is no evidence that hackers have exploited CVE-2023-40477 in the real world, though this may change as the vulnerability has become public knowledge.