CVE-2023-38831
CVE-2023-38831
Em resumo
O WinRAR versões anteriores a 6.23 tem uma falha onde abrir um arquivo que parece inofensivo (como uma foto) dentro de um ZIP pode executar código malicioso escondido em uma pasta com o mesmo nome. Essa vulnerabilidade foi explorada ativamente por atacantes em 2023.
Detalhe técnico
Uma vulnerabilidade de travessia de caminho na lógica de extração de ZIP do WinRAR permite execução de código arbitrário quando um usuário tenta visualizar um arquivo inofensivo que compartilha o nome com uma pasta maliciosa dentro do arquivo. A vulnerabilidade explora o tratamento inadequado de arquivos e diretórios com o mesmo nome durante a extração, permitindo que atacantes executem código arbitrário com privilégios do usuário. Este CVE foi explorado ativamente entre abril e outubro de 2023.
Resumo gerado e traduzido por IA a partir da descrição oficial.
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/aPoCs públicas encontradas — 59
githubgithub.com/b1tg/CVE-2023-38831-winrar-exploit★ 785githubgithub.com/Garck3h/cve-2023-38831★ 128githubgithub.com/ignis-sec/CVE-2023-38831-RaRCE★ 114githubgithub.com/BoredHackerBlog/winrar_CVE-2023-38831_lazy_poc★ 91githubgithub.com/HDCE-inc/CVE-2023-38831★ 90githubgithub.com/knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831★ 40githubgithub.com/Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE★ 22githubgithub.com/xaitax/WinRAR-CVE-2023-38831★ 18githubgithub.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC★ 13githubgithub.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc★ 11githubgithub.com/Malwareman007/CVE-2023-38831★ 9githubgithub.com/youmulijiang/evil-winrar★ 9githubgithub.com/z3r0sw0rd/CVE-2023-38831-PoC★ 6githubgithub.com/UnHackerEnCapital/PDFernetRemotelo★ 6githubgithub.com/PascalAsch/CVE-2023-38831-KQL★ 4githubgithub.com/xk-mt/WinRAR-Vulnerability-recurrence-tutorial★ 4githubgithub.com/Mich-ele/CVE-2023-38831-winrar★ 3githubgithub.com/malvika-thakur/CVE-2023-38831★ 3githubgithub.com/RonF98/CVE-2023-38831-POC★ 3githubgithub.com/kuyrathdaro/cve-2023-38831★ 3githubgithub.com/akhomlyuk/cve-2023-38831★ 3githubgithub.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit★ 3githubgithub.com/r1yaz/winDED★ 2githubgithub.com/IR-HuntGuardians/CVE-2023-38831-HUNT★ 2githubgithub.com/MaorBuskila/Windows-X64-RAT★ 2githubgithub.com/yezzfusl/cve_2023_38831_scanner★ 1githubgithub.com/thegr1ffyn/CVE-2023-38831★ 1githubgithub.com/Ben1B3astt/CVE-2023-38831_ReverseShell_Winrar★ 1githubgithub.com/ruycr4ft/CVE-2023-38831★ 1githubgithub.com/s4m98/winrar-cve-2023-38831-poc-gen★ 1githubgithub.com/SpamixOfficial/CVE-2023-38831★ 1githubgithub.com/technicalcorp0/CVE-2023-38831-Exploit★ 1githubgithub.com/olowostandard1/CVE-2023-38831-WinRAR-Vulnerability-Analysis★ 1githubgithub.com/sudo-py-dev/CVE-2023-38831★ 0githubgithub.com/lightningspeed221/Winrar-Exploit-CVE-2023-38831★ 0githubgithub.com/ngothienan/CVE-2023-38831★ 0githubgithub.com/GOTonyGO/CVE-2023-38831-winrar★ 0githubgithub.com/solomon12354/VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC★ 0githubgithub.com/RomainBayle08/CVE-2023-38831★ 0githubgithub.com/imbyter/imbyter-WinRAR_CVE-2023-38831★ 0githubgithub.com/Fa1c0n35/CVE-2023-38831-winrar-exploit★ 0githubgithub.com/Hirusha-N/CVE-2021-34527-CVE-2023-38831-and-CVE-2023-32784★ 0githubgithub.com/khanhtranngoccva/cve-2023-38831-poc★ 0githubgithub.com/asepsaepdin/CVE-2023-38831★ 0githubgithub.com/MyStuffYT/CVE-2023-38831-POC★ 0githubgithub.com/FirFirdaus/CVE-2023-38831★ 0githubgithub.com/ra3edAJ/LAB-DFIR-cve-2023-38831★ 0githubgithub.com/ML-K-eng/CVE-2023-38831-Exploit-and-Detection★ 0githubgithub.com/idkwastaken/CVE-2023-38831★ 0githubgithub.com/VictoriousKnight/CVE-2023-38831_Exploit★ 0githubgithub.com/sh770/CVE-2023-38831★ 0githubgithub.com/Tolu12wani/Demonstration-of-CVE-2023-38831-via-Reverse-Shell-Execution★ 0githubgithub.com/yangdayyy/cve-2023-38831★ 0githubgithub.com/anelya0333/Exploiting-CVE-2023-38831★ 0githubgithub.com/mishra0230/CVE-2023-38831★ 0githubgithub.com/Nielk74/CVE-2023-38831★ 0githubgithub.com/kehrijksen/CVE-2023-38831★ 0githubgithub.com/h3xecute/SideCopy-Exploits-CVE-2023-38831★ 0cve_referencepacketstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.htmlnão verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.htmlhttps://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/https://news.ycombinator.com/item?id=37236100https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38831https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/