CVE-2023-38831

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 6.23

Description WinRAR versions prior to 6.23 contain a vulnerability that allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. This occurs because a ZIP archive can include a benign file and a folder with the same name, and the contents of the folder, which may include executable content, are processed when attempting to access the benign file. This vulnerability has been actively exploited in the wild since April 2023 by multiple threat actors, including those linked to Russia and China, and has been used in attacks targeting various sectors, including cryptocurrency traders, government entities, and energy infrastructure. The vulnerability has been exploited by APT groups such as APT28, APT29, APT37, APT-K-47, UAC-0057, UAC-0099, and Head Mare. Attackers have used this vulnerability to deliver malware, including Remcos RAT, Agent Tesla, and PhantomRAT. The estimated number of affected devices is not specified.

Recommendations Update WinRAR to version 6.23 or later.