CVE-2023-38831

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 23, 2023
Updated: Aug 14, 2024
CWE ID 351
CWE ID 345

Summary

CVE-2023-38831 is a critical vulnerability affecting RARLAB WinRAR before version 6.23. This issue enables attackers to execute arbitrary code when a user attempts to view a seemingly harmless file, such as a JPG image, within a ZIP archive. Here's how the vulnerability works: If a ZIP archive contains a benign file with the same name as a folder, the contents of the folder will be processed during the attempt to access the file. These contents could include executable code, which would be executed, potentially leading to a compromise of the targeted system. The vulnerability was exploited in the wild between April and October 2023.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share