Skip to main content

WinRAR vulnerability under active exploitation, warns Google’s Threat Analysis Group

posted onOctober 19, 2023
by l33tdawg
Silicon Angle
Credit: Silicon Angle

Google LLC’s Threat Analysis Group today warned users of a vulnerability in file archiving and compressing software WinRAR that’s being actively exploited by hacking groups, including allegedly state-sponsored actors.

The researchers at Google TAG have observed hacking groups leveraging a vulnerability tracked as CVE-2023-3883. The vulnerability, found in versions of WinRAR before 6.23, allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.

The vulnerability was first detected in April and while a patch was issued, many users remain susceptible. The vulnerability lies in WinRAR’s file extraction logic, which allows attackers to execute arbitrary code on a user’s system. The exploit occurs when a user attempts to view a file within a ZIP archive using WinRAR. The logic flaw, combined with a quirk in the Windows ShellExecute function, allows attackers to trick the system into executing malicious code instead of opening the intended file.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th