.webp)
Summary
CVE-2023-38831 is an actively exploited, high severity vulnerability in RARLabs WinRAR software, a popular archiving and extraction software for .RAR and .ZIP file formats. WinRAR versions before 6.23 allow attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. This occurs when a ZIP archive includes a benign file within a malicious folder having the same name (e.g., The archive contains a picture.jpg file and a picture folder containing a malicious executable). When the benign picture.jpg file gets processed, so does the malicious folder.
Impact Assessment
The vulnerability affects the RARLabs WinRAR software prior to version 6.23. This vulnerability is under active exploitation by state-backed threat actors. It allows arbitrary code to be executed on the targeted device, which can enable attackers to steal sensitive data, hijack the device, and install malware.
What it means for you
Any organization that utilizes WinRAR and has not updated their devices is subject to an attack. The vulnerability is under active exploitation, but there is a patch available. If you use this software, update to the latest version or reconsider your choice of archiving software.
Remediation
There is a patch available from WinRAR which will remediate this vulnerability.
Business Implications
Exploitation of this vulnerability will test your vulnerability management program and endpoint security solutions. If these remedies are not up to standard, financial loss, business disruption, and reputation loss could occur.
Access Point Technology Recommends
- Determine whether your organization uses WinRAR prior to version 6.23. If so, patch to version 6.24 or later.
- Review your current endpoint solutions and vulnerability management practices to ensure they meet the expected level of performance.
- Evaluate the necessity of using WinRAR for day-to-day business operations.
Associated Bulletins
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
.jpg)
