CVE-2023-38831

CVSS 7.8 HIGH · EPSS 97.8% · KEV · CWE-351
In short

WinRAR before version 6.23 has a flaw where opening what looks like a harmless file (like a photo) inside a ZIP archive can actually run malicious code hidden in a folder with the same name. This vulnerability was actively exploited by attackers in 2023.

Technical detail

A path traversal vulnerability in WinRAR's ZIP extraction logic allows arbitrary code execution when a user attempts to view a benign file that shares a name with a malicious folder within the archive. The vulnerability exploits improper handling of same-named files and directories during extraction, enabling attackers to execute arbitrary code with user privileges. This CVE was actively exploited in the wild between April and October 2023.

Summary generated and translated by AI from the official description.
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
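
A defender-side check for the archive layout the description above refers to, added here as an example (not code from this page, from RARLAB, or from any listed repository): it flags ZIP archives in which a file entry and a folder share a name. The function names, the Windows-style name normalization (case, trailing spaces and dots) and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile


def _norm(name: str) -> str:
    # Assumption: compare names the way Windows treats them, i.e. case-insensitive,
    # '\\' equal to '/', trailing spaces and dots on a path component ignored.
    parts = (p.rstrip(" .").lower() for p in name.replace("\\", "/").split("/"))
    return "/".join(p for p in parts if p)


def find_name_collisions(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each file entry that shares its name with a folder to that folder's entries."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [info.filename for info in zf.infolist()]
    files: dict[str, str] = {}        # normalized path -> original file entry
    dirs: dict[str, list[str]] = {}   # normalized folder path -> entries beneath it
    for raw in names:
        norm = _norm(raw)
        if not norm:
            continue
        if raw.replace("\\", "/").endswith("/"):
            dirs.setdefault(norm, [])          # explicit folder entry
        else:
            files[norm] = raw
        parts = norm.split("/")
        for depth in range(1, len(parts)):     # every ancestor is an implicit folder
            dirs.setdefault("/".join(parts[:depth]), []).append(raw)
    return {files[n]: sorted(kids) for n, kids in dirs.items() if n in files}


def build_sample(entries: list[str]) -> bytes:
    """Constructed sample: an in-memory ZIP whose entries hold only inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"" if name.endswith("/") else b"inert placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    suspicious = build_sample(["photo.jpg", "photo.jpg/placeholder.txt", "notes.txt"])
    for name, inside in find_name_collisions(suspicious).items():
        print(f"file and folder share the name {name!r}; folder holds {inside}")
```

A hit means the archive should be quarantined or opened only with a patched WinRAR (6.23 or later), since a file and folder sharing a name is the layout the description ties to this CVE.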
Affected products
n/a · n/a
Public PoCs found: 59
github · github.com/b1tg/CVE-2023-38831-winrar-exploit · 785
github · github.com/Garck3h/cve-2023-38831 · 128
github · github.com/ignis-sec/CVE-2023-38831-RaRCE · 114
github · github.com/BoredHackerBlog/winrar_CVE-2023-38831_lazy_poc · 91
github · github.com/HDCE-inc/CVE-2023-38831 · 90
github · github.com/knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831 · 40
github · github.com/Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE · 22
github · github.com/xaitax/WinRAR-CVE-2023-38831 · 18
github · github.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC · 13
github · github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc · 11
github · github.com/Malwareman007/CVE-2023-38831 · 9
github · github.com/youmulijiang/evil-winrar · 9
github · github.com/z3r0sw0rd/CVE-2023-38831-PoC · 6
github · github.com/UnHackerEnCapital/PDFernetRemotelo · 6
github · github.com/PascalAsch/CVE-2023-38831-KQL · 4
github · github.com/xk-mt/WinRAR-Vulnerability-recurrence-tutorial · 4
github · github.com/Mich-ele/CVE-2023-38831-winrar · 3
github · github.com/malvika-thakur/CVE-2023-38831 · 3
github · github.com/RonF98/CVE-2023-38831-POC · 3
github · github.com/kuyrathdaro/cve-2023-38831 · 3
github · github.com/akhomlyuk/cve-2023-38831 · 3
github · github.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit · 3
github · github.com/r1yaz/winDED · 2
github · github.com/IR-HuntGuardians/CVE-2023-38831-HUNT · 2
github · github.com/MaorBuskila/Windows-X64-RAT · 2
github · github.com/yezzfusl/cve_2023_38831_scanner · 1
github · github.com/thegr1ffyn/CVE-2023-38831 · 1
github · github.com/Ben1B3astt/CVE-2023-38831_ReverseShell_Winrar · 1
github · github.com/ruycr4ft/CVE-2023-38831 · 1
github · github.com/s4m98/winrar-cve-2023-38831-poc-gen · 1
github · github.com/SpamixOfficial/CVE-2023-38831 · 1
github · github.com/technicalcorp0/CVE-2023-38831-Exploit · 1
github · github.com/olowostandard1/CVE-2023-38831-WinRAR-Vulnerability-Analysis · 1
github · github.com/sudo-py-dev/CVE-2023-38831 · 0
github · github.com/lightningspeed221/Winrar-Exploit-CVE-2023-38831 · 0
github · github.com/ngothienan/CVE-2023-38831 · 0
github · github.com/GOTonyGO/CVE-2023-38831-winrar · 0
github · github.com/solomon12354/VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC · 0
github · github.com/RomainBayle08/CVE-2023-38831 · 0
github · github.com/imbyter/imbyter-WinRAR_CVE-2023-38831 · 0
github · github.com/Fa1c0n35/CVE-2023-38831-winrar-exploit · 0
github · github.com/Hirusha-N/CVE-2021-34527-CVE-2023-38831-and-CVE-2023-32784 · 0
github · github.com/khanhtranngoccva/cve-2023-38831-poc · 0
github · github.com/asepsaepdin/CVE-2023-38831 · 0
github · github.com/MyStuffYT/CVE-2023-38831-POC · 0
github · github.com/FirFirdaus/CVE-2023-38831 · 0
github · github.com/ra3edAJ/LAB-DFIR-cve-2023-38831 · 0
github · github.com/ML-K-eng/CVE-2023-38831-Exploit-and-Detection · 0
github · github.com/idkwastaken/CVE-2023-38831 · 0
github · github.com/VictoriousKnight/CVE-2023-38831_Exploit · 0
github · github.com/sh770/CVE-2023-38831 · 0
github · github.com/Tolu12wani/Demonstration-of-CVE-2023-38831-via-Reverse-Shell-Execution · 0
github · github.com/yangdayyy/cve-2023-38831 · 0
github · github.com/anelya0333/Exploiting-CVE-2023-38831 · 0
github · github.com/mishra0230/CVE-2023-38831 · 0
github · github.com/Nielk74/CVE-2023-38831 · 0
github · github.com/kehrijksen/CVE-2023-38831 · 0
github · github.com/h3xecute/SideCopy-Exploits-CVE-2023-38831 · 0
cve_reference · packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
