Search for vulnerabilities
Vulnerability details: VCID-jeyu-c3rr-aaaq
Vulnerability ID VCID-jeyu-c3rr-aaaq
Aliases CVE-2023-38831
Summary RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Status Published
Exploitability 2.0
Weighted Severity 7.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
epss 0.43876 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.43876 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.43876 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.43876 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.43876 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.43876 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.45382 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.45382 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.46389 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.46389 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.48600 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.48600 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.48600 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.48600 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.48600 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93562 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93562 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93562 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93562 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93562 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93648 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93648 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93654 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93654 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93654 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93654 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93671 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93671 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93671 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93714 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93714 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93714 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93714 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93714 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93714 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.9373 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.9373 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.9373 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.9373 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.9373 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.9373 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.9373 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
epss 0.93902 https://api.first.org/data/v1/epss?cve=CVE-2023-38831
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2023-38831
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2023-38831
Data source Metasploit
Description This module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.
Note
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
  - artifacts-on-disk
Ransomware campaign use Unknown
Source publication date Aug. 23, 2023
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb
Data source KEV
Date added Aug. 24, 2023
Description RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date Sept. 14, 2023
Note
http://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa;  https://nvd.nist.gov/vuln/detail/CVE-2023-38831
Ransomware campaign use Known
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38831
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38831
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)
Percentile 0.97462
EPSS Score 0.43876
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.