CVSS: 7.8EPSS: 43%CPEs: 1EXPL: 37CVE-2023-38831 – RARLAB WinRAR Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023. WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive. RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. • https://github.com/b1tg/CVE-2023-38831-winrar-exploit https://github.com/ignis-sec/CVE-2023-38831-RaRCE https://github.com/Malwareman007/CVE-2023-38831 https://github.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC https://github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc https://github.com/xaitax/WinRAR-CVE-2023-38831 https://github.com/z3r0sw0rd/CVE-2023-38831-PoC https://github.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit https://github.com/Mich-ele&#x • CWE-351: Insufficient Type Distinction •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40477 – RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40477
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://github.com/wildptr-io/Winrar-CVE-2023-40477-POC https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa https://www.zerodayinitiative.com/advisories/ZDI-23-1152 • CWE-129: Improper Validation of Array Index •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43650 – RARLAB WinRAR ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-43650
This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. Crafted data in a ZIP file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=216&cHash=983dfbcc83fb1b64a5f792891a281709 https://www.zerodayinitiative.com/advisories/ZDI-23-092 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20253
https://notcve.org/view.php?id=CVE-2018-20253
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. En WinRAR, en versiones anteriores a la 5.60 (inclusive), hay una vulnerabilidad de escritura fuera de límites durante el análisis de formatos de archivo LHA/LZH manipulados. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • https://research.checkpoint.com/extracting-code-execution-from-winrar https://www.win-rar.com/whatsnew.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 71%CPEs: 1EXPL: 1CVE-2018-20251
https://notcve.org/view.php?id=CVE-2018-20251
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folders everywhere in the file system. En WinRAR, en versiones anteriores e incluyendo a la 5.61, hay una vulnerabilidad de salto de directorio al manipular el campo "filename" del formato ACE. El módulo UNACE (UNACEV2.dll) crea archivos y carpetas tal y como están escritos en el campo "filename", incluso cuando el validador de WinRAR descubría el intento de salto y solicitaba abortar el proceso de extracción. La operación se cancelaba solo tras crear las carpetas y archivos, pero antes de que se escribiesen, permitiendo así que el atacante cree archivos y carpetas vacíos en cualquier lugar del sistema de archivos. • http://www.securityfocus.com/bid/106948 https://research.checkpoint.com/extracting-code-execution-from-winrar https://www.win-rar.com/whatsnew.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-693: Protection Mechanism Failure •