CVE-2023-40477

Vulnerability updated 7 months ago (2024-11-29T14:09:57.577Z)
CVE-2023-40477 is a high-severity vulnerability in WinRAR, the popular file compression software. Remote attackers can exploit the flaw to execute arbitrary code using specially crafted archive files. The vulnerability was addressed by the maintainer in June 2023 but was only publicly disclosed two months later, in August 2023. Simultaneously, another critical Remote Code Execution (RCE) vulnerability, CVE-2023-38831, was identified and patched in August 2023 along with CVE-2023-40477. Both vulnerabilities presented significant risks, as they could have allowed malicious actors to gain unauthorized access to and control over affected systems.

Details about CVE-2023-40477 were published on the Zero Day Initiative website, highlighting its potential for misuse. Research from Palo Alto Networks revealed that a cyberattacker known as "whalersplonk" had exploited the CVE-2023-40477 vulnerability, leveraging the WinRAR security bug, which was made public on August 17, to further their malicious activities. This incident underscores the importance of timely patching and software updates to mitigate such threats.
Description last updated: 2024-05-04T16:56:29.914Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
WinRAR
Poc
RCE (Remote ...
Source Document References
Information about the CVE-2023-40477 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At
Securelist | a year ago
Malwarebytes | 2 years ago
CERT-EU | 2 years ago
BankInfoSecurity | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
DARKReading | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
Unit42 | 2 years ago
CERT-EU | 2 years ago
Quick Heal Technologies Ltd. | 2 years ago
CERT-EU | 2 years ago
Naked Security | 2 years ago