Tracked as CVE-2023-38831, the zero-day is in how the WinRAR file archiving tool for Windows processes the ZIP file format.

The bug has been exploited since April this year to distribute various malware families, including DarkMe, GuLoader and Remcos RAT, said cybersecurity firm Group-IB, which is credited with finding the vulnerability. Group-IB said at least 130 traders' devices remain infected at the moment, but the total number of devices infected as a result of this vulnerability and the accompanying financial losses could not be confirmed.

Group-IB explained that CVE-2023-38831 allows attackers to spoof file extensions, which means they are able to hide the launch of malicious scripts within an archive masquerading as a jpg, txt, or any other file format. RARLAB, which maintains the archiving tool, did not specify much in its release notes and only stated that due to this vulnerability, "WinRAR could start a wrong file after a user double-clicked an item in a specially crafted archive."

The vulnerability is fixed in WinRAR version 6.23, which also resolved another highly severe vulnerability tracked as CVE-2023-40477. The vulnerability allowed an attacker to trigger command execution upon opening a specially crafted RAR file.

In use for nearly three decades and with 500 million users worldwide, WinRAR is a shareware product and one of the most popular compression tools. Consequently, threat actors invest time in identifying vulnerabilities in this tool to achieve widespread exploitation.

Microsoft in May announced support for RAR files in Windows, along with other archive formats including tar, 7-zip, gz and others, through the addition of the libarchive open-source library.
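A defender-side check for the extension spoofing Group-IB describes, as an added example that is not from the original article, Group-IB or RARLAB: it lists a ZIP archive's entries without extracting them and flags names that hide a script extension behind a jpg- or txt-style one. The extension lists, function names and sample archive are constructed assumptions, and this is a naming heuristic, not a test for the exact CVE-2023-38831 trigger.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; tune them to your environment.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".txt", ".pdf", ".doc", ".docx"}
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".ps1", ".exe", ".scr", ".lnk"}


def suspicious_entries(zip_bytes):
    """Return (entry name, reason) pairs for entries whose names disguise their type."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():  # reads the directory only, extracts nothing
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename).name
            # Padding after the extension hides the real name in many file listings.
            if name != name.rstrip(" ."):
                findings.append((info.filename, "trailing space or dot"))
                continue
            # Split on dots and strip padding so "a.jpg .cmd" yields [.jpg, .cmd].
            parts = [p.strip().lower() for p in name.split(".")]
            exts = ["." + p for p in parts[1:] if p]
            decoy_first = any(e in DECOY_EXTS for e in exts[:-1])
            if len(exts) >= 2 and exts[-1] in SCRIPT_EXTS and decoy_first:
                findings.append((info.filename, "script behind decoy extension"))
    return findings


def build_sample():
    """Constructed sample archive; every entry holds harmless placeholder text."""
    names = ("report.pdf", "docs/photo.jpg .cmd", "notes.txt.bat", "readme.txt ")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_entries(build_sample()):
        print(f"{name!r}: {reason}")
```

Run it over attachments at a mail gateway or over a downloads folder; a hit means the entry deserves a closer look before anyone opens the archive in an unpatched WinRAR.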