Vulnerability — CVE-2023-38831

CVE-2023-38831

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-38831
Description:: RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
Last updated date:: 07/03/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 07/10/2023
Reference url to background: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/23/2023
Reference url to background: https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/23/2023
Reference url to background: https://nvd.nist.gov/vuln/detail/CVE-2023-38831

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/24/2023
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/24/2023
Reference url to background: https://github.com/BoredHackerBlog/winrar_CVE-2023-38831_lazy_poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/25/2023
Reference url to background: https://github.com/b1tg/CVE-2023-38831-winrar-exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/27/2023
Reference url to background: https://github.com/ignis-sec/CVE-2023-38831-RaRCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/28/2023
Reference url to background: https://github.com/Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/28/2023
Reference url to background: https://github.com/knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/28/2023
Reference url to background: https://github.com/PascalAsch/CVE-2023-38831-KQL

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/28/2023
Reference url to background: https://github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/28/2023
Reference url to background: https://github.com/my-elliot/CVE-2023-38831-winrar-expoit-simple-Poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2023
Reference url to background: https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2023
Reference url to background: https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/30/2023
Reference url to background: https://github.com/z3r0sw0rd/CVE-2023-38831-PoC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/30/2023
Reference url to background: https://github.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/01/2023
Reference url to background: https://github.com/Mich-ele/CVE-2023-38831-winrar

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/03/2023
Reference url to background: https://github.com/xaitax/WinRAR-CVE-2023-38831

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/07/2023
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/12/2023
Reference url to background: https://github.com/Malwareman007/CVE-2023-38831

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/12/2023
Reference url to background: https://github.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/21/2023
Reference url to background: https://github.com/malvika-thakur/CVE-2023-38831

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/15/2023
Reference url to background: https://github.com/xk-mt/WinRAR-Vulnerability-recurrence-tutorial

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/19/2024
Reference url to background: https://github.com/UnHackerEnCapital/PDFernetRemotelo

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/27/2024
Reference url to background: http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/27/2024
Reference url to background: https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/