CVE-2023-38831: RARLAB WinRAR Code Execution Vulnerability. RARLAB WinRAR

RARLAB WinRAR Code Execution Vulnerability. RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.

• CISA KEV-listed (remediation due 2023-09-14)
• used in ransomware campaigns
• EPSS 93.9% (99.9% percentile)

Detection rules

• CVE-2023-38331 Exploitation Attempt - Suspicious Double Extension File high
• CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process high
• Potentially Suspicious Child Process Of WinRAR.EXE medium

Browse the CVE database

Read the full analysis on IntelFusions