What is WinRAR?
WinRAR is a popular utility tool for file compression/decompression and archive management.
What is the Attack?
CVE-2023-38831 is an arbitrary code execution vulnerability that affects WinRAR before version 6.23. The vulnerability allows threat actors to create a zip file that contains a folder and a file with the same filename. Opening (some refer to this as “viewing”) the file launches a malicious script in the folder.
Why is this Significant?
This is significant because WinRAR is widely used and CVE-2023-38831 was reportedly exploited as a 0-day in April 2023. As a result, multiple malware families have reportedly been deployed. FortiGuard Labs strongly recommends all users of WinRAR to update to the latest version of WinRAR as soon as possible.
What is the Vendor Solution?
The vendor has released WinRAR version 6.23 that includes a fix for CVE-2023-38831.
What FortiGuard Coverage is available?
FortiGuard Labs has the following AV signatures against the files reportedly used in attacks involving CVE-2023-38831:
W32/Darkme.A!tr
W32/NDAoF
PossibleThreat.DU
W32/VB_AGen.EX!tr
W32/ETCH!tr
NSIS/Injector.15D3!tr
PossibleThreat.FORTIEDR.H
W32/PossibleThreat
Malicious_Behavior.SB
Webfiltering blocks all reported network IOCs.
More Stories
ZDI-CAN-25373: Microsoft
A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to...
DSA-5774-1 ruby-saml – security update
It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify...
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....
USN-7015-2: Python vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,...
USN-7027-1: Emacs vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands....
USN-7024-1: tgt vulnerability
It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1,...