Main Vulnerability Database Exploits ID:9282 - Exploit for Input validation error in WinRAR - CVE-2023-38831

ID:9282 - Exploit for Input validation error in WinRAR - CVE-2023-38831

Published: September 4, 2023

Vulnerability identifier: #VU79925

Vulnerability risk: Critical

CVE-ID: CVE-2023-38831

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
WinRAR

Link to public exploit:

https://github.com/Fa1c0n35/CVE-2023-38831-winrar-exploit

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of file names inside .zip archives. A remote attacker can create a specially crafted archive that contains executable malicious files and spoof their file extension to look like .jpeg or .txt.

Note, the vulnerability is being actively exploited in the wild as of April 2023.

Remediation

Install updates from vendor's website.

ID:9282 - Exploit for Input validation error in WinRAR - CVE-2023-38831

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human