CVE•Published 2023-08-23•1 article on news•6 live references•NVD data

CVE-2023-38831

Vulnerability data via CVEDB (Shodan)

CVSS v3.1

7.8

HIGH

EPSS percentile

100

Exploit Prediction Scoring System · top 0% of all CVEs

Description

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.

Timeline

Published 2023-08-23

External references

NVD MITRE Exploit-DB Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2023-38831

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Rarlab Winrar"

All exposed Rarlab Winrar instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Winrar"

HTTP body or banner mentions "Winrar" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2023-38831