Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2023-38831

Disclosure Date: August 23, 2023 •

CVE-2023-38831 CVSS v3 Base Score: 7.8

Exploited in the Wild

Reported by SecurelyDoesIt and 3 more...
View Source Details

Description

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

rarlab

Products

winrar

Metasploit Modules

exploit/windows/fileformat/winrar_cve_2023_38831 (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb)

Exploited in the Wild

Reported by:

SecurelyDoesIt indicated source as News Article or Blog (https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/)

Reported: August 23, 2023 4:13pm UTC (1 year ago)

ccondon-r7 indicated source as News Article or Blog (https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/)

Reported: August 30, 2023 12:41am UTC (1 year ago)

inokii indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2023/08/24/cisa-adds-two-known-exploited-vulnerabilities-catalog)

Reported: September 08, 2023 5:14am UTC (1 year ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2023/08/24/cisa-adds-two-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:19am UTC (1 week ago)

References

Canonical

CVE-2023-38831 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38831)

Exploit

PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

CVE-2023-38831-winrar-exploit (https://github.com/b1tg/CVE-2023-38831-winrar-exploit) (Added by AKB Worker)

WinRAR-Code-Execution-Vulnerability-CVE-2023-38831 (https://github.com/knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831) (Added by AKB Worker)

CVE-2023-38831-winrar (https://github.com/Mich-ele/CVE-2023-38831-winrar) (Added by AKB Worker)

PDFernetRemotelo (https://github.com/UnHackerEnCapital/PDFernetRemotelo) (Added by AKB Worker)