Vendor: WinRAR
By: E1.Coders
CVSS: 6.1 (HIGH)
Zip File Arbitrary Code Execution
CWE: 119
Product Name: WinRAR
Affected Version From: WinRAR version 6.22
Affected Version To: WinRAR version 6.22
Patch Exists: NO
Related CVE: CVE-2023-38831
CPE: a:rarlab:winrar:6.22
Platforms Tested: Windows
WinRAR version 6.22 Vulnerability CVE-2023-38831
The exploit involves a malicious, specially crafted zip file targeting WinRAR. With such a file, an attacker can execute arbitrary code on the target system, potentially leading to remote code execution. This vulnerability has been assigned CVE-2023-38831.
Mitigation:
To mitigate this vulnerability, users should update WinRAR to the latest version available. Additionally, they should exercise caution when opening zip files from untrusted sources.