Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WINRAR_623.NASLHistoryAug 24, 2023 - 12:00 a.m.
WinRAR < 6.23 RCE
2023-08-2400:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
45
8.4 High
AI Score
Confidence
High
The remote host is running WinRAR, an archive manager for Windows.
The version of WinRAR installed on the remote host is affected by a an improper validation of user-supplied data, which can result in memory access past the end of an allocated buffer which can be exploited remotely and may allow attackers to execute code in the context of the current process.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(180174);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2023-38831", "CVE-2023-40477");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/09/14");
script_xref(name:"IAVA", value:"2023-A-0436-S");
script_name(english:"WinRAR < 6.23 RCE");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed which is affected by a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host is running WinRAR, an archive manager for Windows.
The version of WinRAR installed on the remote host is affected by a an improper validation of user-supplied
data, which can result in memory access past the end of an allocated buffer which can be exploited remotely
and may allow attackers to execute code in the context of the current process.");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-23-1152/");
script_set_attribute(attribute:"see_also", value:"https://www.rarlab.com/rarnew.htm");
script_set_attribute(attribute:"solution", value:
"Upgrade to WinRAR version 6.23 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40477");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-38831");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'WinRAR CVE-2023-38831 Exploit');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/17");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:rarlab:winrar");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("winrar_win_installed.nbin");
script_require_keys("installed_sw/RARLAB WinRAR", "SMB/Registry/Enumerated");
exit(0);
}
include("vcf.inc");
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'RARLAB WinRAR', win_local:TRUE);
var constraints = [ { 'fixed_version' : '6.23' } ];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Related
trellix
trellix
CVE-2023-38831: Navigating the Threat Landscape of the Latest Security Vulnerability
2023-11-09 00:00:00
CVE-2023-38831: Navigating the Threat Landscape of the Latest Security Vulnerability
2023-11-09 00:00:00
The Bug Report – August 2023 Edition
2023-09-06 00:00:00
thn
thn
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
2023-08-24 11:12:00
Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT
2023-09-21 05:03:00
Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities
2023-12-22 13:19:00
hivepro
hivepro
The Rise of DarkCasino APT Group Exploiting WinRAR 0-Day
2023-11-27 12:47:11
WinRAR Zero-Day Exploit Targeting Traders Since April
2023-08-25 08:16:29
SideCopy Leverages Multi-platform RAT, Assaults Indian Government Entities
2023-11-09 05:00:36
githubexploit
githubexploit
Exploit for Vulnerability in Rarlab Winrar
2024-04-01 15:59:34
Exploit for Vulnerability in Rarlab Winrar
2023-08-27 21:49:37
Exploit for Vulnerability in Rarlab Winrar
2023-09-21 06:08:30
zdt
zdt
WinRAR version 6.22 - Remote Code Execution via ZIP archive Exploit
2024-03-29 00:00:00
WinRAR Remote Code Execution Exploit
2023-09-11 00:00:00
osv
osv
rar - security update
2023-08-27 00:00:00
libclamunrar - security update
2023-11-15 00:00:00
unrar-nonfree - security update
2023-08-26 00:00:00
hackread
hackread
Fake PoC Script Used to Trick Researchers into Downloading VenomRAT
2023-09-20 01:10:45
veracode
veracode
Remote Code Execution (RCE)
2023-08-31 07:36:26
openvas
openvas
Fedora: Security Advisory for clamav (FEDORA-2023-4576748282)
2023-09-09 00:00:00
openSUSE: Security Advisory for clamav (SUSE-SU-2023:4415-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4415-1)
2023-11-13 00:00:00
malwarebytes
malwarebytes
Update now! WinRAR files can be abused to run malware
2023-08-22 11:30:00
Android phones can be taken over remotely – update when you can
2023-12-07 12:07:42
zdi
zdi
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2023:4415-1)
2023-11-11 00:00:00
Debian DLA-3543-1 : rar - LTS security update
2023-08-30 00:00:00
Debian DLA-3542-1 : unrar-nonfree - LTS security update
2023-08-27 00:00:00
ubuntucve
ubuntucve
CVE-2023-40477
2023-08-25 00:00:00
debiancve
debiancve
CVE-2023-40477
2024-05-03 03:15:20
CVE-2023-38831
2023-08-23 17:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: clamav-0.103.10-1.fc37
2023-09-09 00:40:28
cisa_kev
cisa_kev
RARLAB WinRAR Code Execution Vulnerability
2023-08-24 00:00:00
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
2024-04-30 00:00:00
packetstorm
packetstorm
WinRAR Remote Code Execution
2023-09-08 00:00:00
WinRAR 6.22 Remote Code Execution
2024-03-28 00:00:00
cve
cve
exploitdb
exploitdb
WinRAR version 6.22 - Remote Code Execution via ZIP archive
2024-03-28 00:00:00
metasploit
metasploit
WinRAR CVE-2023-38831 Exploit
2023-09-04 16:56:22
kaspersky
kaspersky
KLA52366 Multiple vulnerabilities in WinRAR
2023-08-17 00:00:00
prion
prion
Design/Logic Flaw
2023-08-23 17:15:00
cnvd
cnvd
WinRAR Code Execution Vulnerability
2023-08-25 00:00:00
attackerkb
attackerkb
CVE-2023-38831
2023-08-23 00:00:00
debian
debian
[SECURITY] [DLA 3542-1] unrar-nonfree security update
2023-08-26 20:49:09
[SECURITY] [DLA 3543-1] rar security update
2023-08-27 06:29:36
[SECURITY] [DLA 3653-1] libclamunrar security update
2023-11-15 09:45:33
mageia
mageia
Updated unrar packages fix security vulnerability
2023-09-11 16:07:54
ubuntu
ubuntu
libclamunrar vulnerabilities
2024-01-08 00:00:00
gentoo
gentoo
RAR, UnRAR: Arbitrary File Overwrite
2023-09-17 00:00:00
securelist
securelist
Exploits and vulnerabilities in Q1 2024
2024-05-07 10:00:39
IT threat evolution in Q3 2023. Non-mobile statistics
2023-12-01 10:00:03
avleonov
avleonov
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45