CVE-2023-40477

HIGH

WinRAR < 6.23 - Remote Code Execution via Recovery Volume Processing

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-40477. PoCs published by wildptr-io, winkler-winsen.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2023-40477, a heap overflow vulnerability in WinRAR <= 6.22. The exploit manipulates recovery volumes in RAR archives to trigger a crash during extraction, demonstrating the vulnerability.

Description

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233.

Exploits (2)

nomisec WORKING POC 24 stars

by wildptr-io · poc

https://github.com/wildptr-io/Winrar-CVE-2023-40477-POC

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2023-40477, a heap overflow vulnerability in WinRAR <= 6.22. The exploit manipulates recovery volumes in RAR archives to trigger a crash during extraction, demonstrating the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: WinRAR <= 6.22

No auth needed

Prerequisites: WinRAR <= 6.22 installed · Ability to create and modify RAR archives

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec SCANNER

by winkler-winsen · poc

https://github.com/winkler-winsen/Scan_WinRAR

View Code ZIP pw:eip

This repository contains a PowerShell script that scans for WinRAR files affected by CVE-2023-40477. It checks for specific DLL and executable files, lists their versions, and identifies vulnerable versions (below 6.23).

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WinRAR versions below 6.23

No auth needed

Prerequisites: Access to the target system's file system

MITRE ATT&CK

T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2023/11/msg00009.html

Third Party Advisory, VDB Entry x_research-advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1152/

Release Notes vendor-advisory

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa

Scores

CVSS v3 7.8

EPSS 0.1308

EPSS Percentile 95.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-129

Status published

Products (1)

rarlab/winrar < 6.23

Published May 03, 2024

Tracked Since Feb 18, 2026