1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. RARLAB WinRAR Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2023-38831 Mappings

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability secondary_impact T1041 Exfiltration Over C2 Channel
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability secondary_impact T1112 Modify Registry
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability secondary_impact T1053 Scheduled Task/Job
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability secondary_impact T1486 Data Encrypted for Impact
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability secondary_impact T1005 Data from Local System
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability secondary_impact T1105 Ingress Tool Transfer
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability primary_impact T1059.004 Unix Shell
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability exploitation_technique T1204 User Execution
Comments
CVE-2023-38831 is a vulnerability within the crafred archive process of WinRAR that occurs when a user attempts to open a seemingly legitimate document within a compromised archive, the vulnerability allows the attacker to execute arbitrary code on the system via a specially prepared archive. There have been public reports on the FROZENLAKE spear-phishing campaign, FROZENBARENTS, and ISLANDDREAMS leveraging this vulnerability.
References
  1. https://cybersecuritynews.com/hacktivist-group-exploit-winrar-vulnerability/
  2. https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
  3. https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html
  4. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/