VDB
CNVD-2023-64814
CNVD-2023-64814
PUBLISHED
CVSS 7.800000190734863 HIGH
WinRAR是一款用于管理压缩包文件的共享软件。 WinRAR存在代码执行漏洞,攻击者可利用该漏洞在用户试图查看ZIP存档中的良性文件时执行任意代码。
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| rarlab | winrar | 0 |
Exploit Intelligence
- This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only. (github-poc-repo)
- This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only. (github-poc-repo)
- This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only. (github-poc)
- This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only. (github-poc)
- evil-winrar,CVE-2023-38831漏洞利用和社会工程学攻击框架 (evil-winrar, CVE-2023-38831 Vulnerability Exploitation and Social Engineering Attack Framework) (github-poc-repo)
- evil-winrar,CVE-2023-38831漏洞利用和社会工程学攻击框架 (evil-winrar, CVE-2023-38831 Vulnerability Exploitation and Social Engineering Attack Framework) (github-poc-repo)
- RomainBayle08/CVE-2023-38831 (github-poc-repo)
- RomainBayle08/CVE-2023-38831 (github-poc-repo)
- This is my malware (github-poc-repo)
- This is my malware (github-poc-repo)
…and 227 more exploits
Timeline
- Aug 17, 2023 CVE Published
- Aug 24, 2023 PoC Published
- Aug 24, 2023 PoC Published
- Aug 29, 2023 PoC Published
- Sep 7, 2023 PoC Published
- Sep 23, 2023 PoC Published
- Nov 10, 2023 PoC Published
- Nov 16, 2023 PoC Published
- Feb 2, 2024 PoC Published
- Feb 13, 2024 PoC Published
- Mar 1, 2024 PoC Published
- Jul 17, 2024 PoC Published
References
- https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/ url
- https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/ url
- https://news.ycombinator.com/item?id=37236100 url
- http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html url
- https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/ url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38831 url