all InfoSec news
WinRAR ZIP Arbitrary Code Execution Vulnerability (CVE-2023-38831)
Aug. 25, 2023, 2:37 a.m. |
FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com
WinRAR is a popular utility tool for file compression/decompression and archive management.
What is the Attack?
CVE-2023-38831 is an arbitrary code execution vulnerability that affects WinRAR before version 6.23. The vulnerability allows threat actors to create a zip file that contains a folder and a file with the same filename. Opening (some refer to this as "viewing") the file launches a malicious script in the folder.
Why is this Significant?
This is significant because WinRAR is widely …
archive attack code code execution compression cve decompression file filename folder management popular threat threat actors tool utility version vulnerability what is winrar zip
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineer - Vulnerability Management
@ Starling Bank | Southampton, England, United Kingdom
Manager Cybersecurity
@ Sia Partners | Rotterdam, Netherlands
Compliance Analyst
@ SiteMinder | Manila
Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447
@ Allen Integrated Solutions | Chantilly, Virginia, United States
Enterprise Cyber Security Analyst – Advisory and Consulting
@ Ford Motor Company | Mexico City, MEX, Mexico