Security News > 2023 > October > Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw
2023-10-19 04:02

A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The shortcoming has been actively


News URL

https://thehackernews.com/2023/10/google-tag-detects-state-backed-threat.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-38831 Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.
local
low complexity
rarlab CWE-345
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4922 2872 1623 10411