Overview
- Description
- RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Known exploits
Data from CISA
- Vulnerability name
- RARLAB WinRAR Code Execution Vulnerability
- Exploit added on
- Aug 24, 2023
- Exploit action due
- Sep 14, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
- Hype score
- Not currently trending
hxxps://adp-auth.com/ cve-2023-38831 exploitation #stealc malware download: hXxps://adp-auth.com/land/Automatic_Data_Processing_Terms_and_Conditions.rar https://t.co/IvlO44M9tO https://t.co/wcIoO2owYW
@banthisguy9349
Nov 10, 2024 11:20 AM
2125 Impressions
7 Retweets
43 Likes
7 Bookmarks
4 Replies
2 Quotes
Did you know that you can create both a file and a directory with the exact same name in a ZIP? You won't be able to unzip it like this on any file system, but hey, you can do it! It's why CVE-2023-38831 happened in winrar https://t.co/3a0x7wdUoL https://t.co/Lz4f4ZuPLQ
@BarrellTitor44
Nov 5, 2024 1:18 AM
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A586AE4C-6F08-4E96-B74C-AA0A7BF4F2DD",
"versionEndExcluding": "6.23"
}
],
"operator": "OR"
}
]
}
]