Andrey Polovinkin

Researcher at Group-IB
#23455 of 53,639
10 CVSS total
Vulnerabilities · 1
PT-2023-4552
10
2023-08-15
Winrar · Winrar · CVE-2023-38831
**Name of the Vulnerable Software and Affected Versions**

WinRAR versions prior to 6.23

**Description**

WinRAR versions prior to 6.23 contain a vulnerability that allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. This occurs because a ZIP archive can include a benign file (such as a .JPG) and a folder with the same name, and the contents of the folder (which may include executable content) are processed when the benign file is accessed.

This vulnerability has been actively exploited by multiple threat actors, including Russian and Chinese state-sponsored groups, and has been used in attacks targeting various sectors, including cryptocurrency traders and government organizations. Attackers have used this vulnerability to deliver malware such as Remcos RAT, Agent Tesla, and Asyncshell. The exploitation often involves phishing campaigns with malicious RAR archives. The vulnerability has been exploited since April 2023.

**Recommendations**

Update WinRAR to the latest version to address the vulnerability.