WinRAR vulnerability under active exploitation, warns Google’s Threat Analysis Group
Google LLC’s Threat Analysis Group today warned users of a vulnerability in the file archiving and compression utility WinRAR that is being actively exploited by multiple hacking groups, including allegedly state-sponsored actors.
The researchers at Google TAG have observed hacking groups leveraging a vulnerability tracked as CVE-2023-38831. The vulnerability affects WinRAR versions before 6.23 and allows attackers to execute arbitrary code when a user attempts to view what appears to be a benign file, such as an image or document, inside a ZIP archive.
Exploitation was first observed in April 2023, and although WinRAR 6.23 fixed the bug in August 2023, many users remain susceptible because WinRAR has no automatic update mechanism and must be upgraded manually. The vulnerability lies in the logic WinRAR uses to extract and open a file selected from within an archive. A crafted ZIP contains a harmless-looking file (for example a PDF or JPG) together with a folder that shares the same name, including a trailing space, and that folder holds a script. When the user double-clicks the file, WinRAR extracts both the decoy file and the folder’s contents to a temporary directory and passes the name to the Windows ShellExecute function, whose handling of the trailing space causes it to launch the script rather than open the intended file.
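The name-collision layout described above is what incoming-mail and file-upload scanners look for. The following Python script is an added example, not code from Google TAG or from the WinRAR project; it constructs a harmless in-memory ZIP with the CVE-2023-38831 layout (a decoy file whose name ends in a space plus a same-named folder holding a .cmd file), then scans archives for that pattern. The entry names, the `SCRIPT_EXTS` list and the "document.pdf " sample are assumptions chosen for illustration.

```python
"""Scan ZIP archives for the CVE-2023-38831 trigger layout (added example).

The trigger is a non-directory entry whose base name ends in a space, plus
entries stored under a folder with exactly that name. A script inside that
folder is the payload WinRAR ends up launching via ShellExecute.
"""
import io
import os
import sys
import zipfile

# Extensions that ShellExecute will run rather than open (assumed list).
SCRIPT_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".wsf", ".ps1", ".scr", ".lnk"}


def build_suspicious_zip() -> bytes:
    """Constructed, harmless sample that mirrors the exploit layout.

    'document.pdf ' (trailing space) is the decoy; 'document.pdf /' is a folder
    of the same name containing a .cmd file. The .cmd body only echoes a line.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.pdf ", b"%PDF-1.4 constructed decoy, not a real PDF")
        zf.writestr("document.pdf /document.pdf .cmd",
                    b"@echo off\r\necho constructed sample\r\n")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed control sample: an ordinary archive with no name collision."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 constructed decoy")
        zf.writestr("images/photo.jpg", b"\xff\xd8\xff constructed jpeg header")
    return buf.getvalue()


def find_38831_collisions(zip_bytes: bytes) -> list:
    """Return one finding per decoy/folder collision found in the archive.

    Each finding records the decoy name, every entry stored under the
    same-named folder, and which of those entries carry an executable
    extension. The collision itself is abnormal even when no payload is
    recognised, so it is reported either way.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
    names = [i.filename for i in infos]
    findings = []
    for info in infos:
        if info.is_dir():
            continue
        name = info.filename
        base = name.rsplit("/", 1)[-1]
        if not base.endswith(" "):
            continue  # trailing space on the decoy name is the key tell
        prefix = name + "/"
        siblings = [n for n in names if n.startswith(prefix) and n != prefix]
        if not siblings:
            continue
        payloads = [n for n in siblings
                    if os.path.splitext(n.rstrip())[1].lower() in SCRIPT_EXTS]
        findings.append({"decoy": name,
                         "folder_entries": siblings,
                         "payloads": payloads})
    return findings


if __name__ == "__main__":
    # With no arguments, scan the two constructed samples; otherwise scan paths.
    if len(sys.argv) == 1:
        samples = {"suspicious": build_suspicious_zip(), "benign": build_benign_zip()}
        for label, data in samples.items():
            print(label, find_38831_collisions(data))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, find_38831_collisions(fh.read()))
```

The scanner reads only the central directory, so it is safe to run on untrusted archives and cheap enough to sit in a mail gateway or upload handler; a hit should block the file regardless of whether the recipient's WinRAR is already at 6.23 or later.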