- Description: RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: RARLAB WinRAR Code Execution Vulnerability
- Exploit added on: Aug 24, 2023
- Exploit action due: Sep 14, 2023
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
🚨Threat Campaign Alert - UAC-0099 Targets Ukrainian Government with Espionage Campaign Using WinRAR Exploit (CVE-2023-38831) and LONEPAGE Malware🚨 Summary: The UAC-0099 threat group has targeted Ukrainian government organizations with phishing emails exploiting WinRAR… https:/
@CyberxtronTech
17 Dec 2024
WinRAR security flaw #CVE-2023-38831 allows an attacker to execute arbitrary code when a user attempts to view a benign file within a ZIP archive CVE to deliver multiple malicious files APT-K-47 to deliver #Asyncshell which was found to leverage WinRAR security flaw https://t.co/x2JCwzcIK4
@7Ej4_
25 Nov 2024
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware Initial attack chains distributing the malware have been found to leverage the WinRAR security flaw (CVE-2023-38831, CVSS score: 7.8) to trigger the infection #CyberSecurity #CyberSecurityAwareness… https://
@letsexploit
24 Nov 2024
hxxps://adp-auth.com/ cve-2023-38831 exploitation #stealc malware download: hXxps://adp-auth.com/land/Automatic_Data_Processing_Terms_and_Conditions.rar https://t.co/IvlO44M9tO https://t.co/wcIoO2owYW
@banthisguy9349
10 Nov 2024
Did you know that you can create both a file and a directory with the exact same name in a ZIP? You won't be able to unzip it like this on any file system, but hey, you can do it! It's why CVE-2023-38831 happened in WinRAR https://t.co/3a0x7wdUoL https://t.co/Lz4f4ZuPLQ
@BarrellTitor44
5 Nov 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A586AE4C-6F08-4E96-B74C-AA0A7BF4F2DD",
            "versionEndExcluding": "6.23"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]