PT-2023-4552 · Winrar · Winrar

Andrey Polovinkin · Published 2023-08-15 · Updated 2026-01-15 · CVE-2023-38831

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

WinRAR versions prior to 6.23

Description

WinRAR versions prior to 6.23 contain a vulnerability that allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. This occurs because a ZIP archive can include a benign file and a folder with the same name, and the contents of the folder, which may include executable content, are processed when accessing the benign file. This vulnerability has been actively exploited by multiple threat actors, including Russian and Chinese state-sponsored groups, as well as hacktivist groups, since April 2023. Exploitation has been observed in attacks targeting various sectors, including cryptocurrency traders, government entities, and organizations in Russia, Belarus, and Ukraine. Attackers have used this vulnerability to deliver malware such as Agent Tesla, Remcos RAT, and PhantomRAT. The vulnerability has been exploited through phishing campaigns using malicious RAR archives.

Recommendations

Update WinRAR to version 6.23 or later.
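The structural condition named in the Description (a file and a folder with the same name inside one ZIP archive) can be checked for before an archive reaches a host that is not yet updated. The Python check below is an added example, not part of the original advisory or of WinRAR; the function names, the Windows-style name normalization and the constructed sample archive are assumptions.

```python
import io
import zipfile


def _norm(name: str) -> str:
    # Assumption: compare names the way Windows would, ignoring case and
    # trailing spaces or dots in each path component.
    parts = [p.rstrip(" .").casefold() for p in name.replace("\\", "/").split("/")]
    return "/".join(p for p in parts if p)


def find_name_collisions(zip_source) -> dict:
    """Map each file entry that shares its name with a folder to that folder's contents."""
    files, folders = {}, {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            key = _norm(info.filename)
            if not key:
                continue
            if info.is_dir():
                folders.setdefault(key, [])
                continue
            files[key] = info.filename
            # Every ancestor of a file is an implied folder, even when the
            # archive carries no explicit directory entry for it.
            parts = key.split("/")
            for i in range(1, len(parts)):
                folders.setdefault("/".join(parts[:i]), []).append(info.filename)
    return {files[k]: sorted(folders[k]) for k in files if k in folders}


def build_sample(collide: bool) -> io.BytesIO:
    # Constructed sample input: harmless text entries only.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"placeholder document")
        folder = "report.pdf/" if collide else "attachments/"
        zf.writestr(folder, b"")
        zf.writestr(folder + "notes.txt", b"placeholder text")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, sample in (("colliding", build_sample(True)), ("clean", build_sample(False))):
        hits = find_name_collisions(sample)
        print(label, "->", hits or "no file/folder name collision")
```

A non-empty result is a reason to quarantine the archive for review rather than proof of malicious content; the returned list shows what the same-named folder holds.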

Exploit

Fix

RCE

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

BDU:2023-04958
CVE-2023-38831

Affected Products

Winrar