Old WinRAR vulnerability is exploited by government-backed actors

Martin Brinkmann
Oct 19, 2023

WinRAR users who have not updated the archiving software in some time may want to do so immediately. A report by Google's Threat Analysis Group TAG suggests that government-backed actors are exploiting a vulnerability in WinRAR for which a fix has been available for some time.

We published information about the WinRAR update that addressed the issue in August when it first came out. WinRAR 6.23 fixed the issue. It allowed malicious actors to run code on devices on successful exploitation of the vulnerability.

All it requires is that users open a specially crafted WinRAR archive on their devices. WinRAR users can patch the issue by downloading and installing the latest version, which is WinRAR 6.24 at the time of writing.

Google's report on the WinRAR vulnerability

winrar version

Google discovered that multiple government-backed hacking groups are exploiting the WinRAR's CVE-2023-38831 vulnerability in recent weeks. First exploits of the issue began in early 2023, a time when anti-malware services and the maker of WinRAR were unaware of the vulnerability.

While a patch is available, Google notes that "many users still seem to be vulnerable". In other words: WinRAR users have not updated the archiving software to version 6.23 or newer since the release in August 2023.

Google provides a detailed analysis of the vulnerability in the blog post. It explains that the issue is a "logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows’ ShellExecute when attempting to open a file with an extension containing spaces".

Attackers may exploit the issue to execute arbitrary code on user devices when a "user attempts to view a benign file (such as an ordinary PNG file) within a ZIP archive".

You can check out the full blog post over on Google's blog for additional information about the vulnerability.

Closing Words

WinRAR users should download the latest version of the software from the official website and install it on their devices. This protects them from attacks that target the vulnerability.

Those who run the latest version of Windows 11 and only use WinRAR to extract archives may also consider using the new RAR extract feature of the operating system.

Old WinRAR vulnerability is exploited by government-backed actors
Article Name
Old WinRAR vulnerability is exploited by government-backed actors
Government-backed threat actors are exploiting an old, already fixed, vulnerability in the archiving software WinRar.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Graham said on October 20, 2023 at 6:03 am

    Just download PeaZip, 7Zip, or any of the other free RAR extractors.
    There’s zero reason to have to pay for software just to open RAR folders. WinRAR is obsolete.

  2. Anonymous said on October 19, 2023 at 7:49 pm

    Winrar is the worst piece of software, it hasn’t a single update button!

  3. Major said on October 19, 2023 at 4:38 pm

    Even better – install 7zip

  4. Benjamin said on October 19, 2023 at 7:37 am

    It is always grotesque wen big player like Google warn about government actors exploiting our rights while said corporations steal all our data and made it their business because it was and is in large parts unregulated. This means that citizens do not get any systematic legal protection from data thiefs… just look at the mobile phone devices which are many things besides telephony

    1. Anonymous said on October 20, 2023 at 11:22 am

      Who forces you to use a smartphone, instead of a feature phone, when a feature phone is what you really want ? It’s also roughly 20-40 times cheaper.
      Same with Google (Meta, Apple, Microsoft, Amazon, Sinola cartel, Russian prostitutes on crack or whoever) .. you don’t like them or their business model ? Then simply don’t use any of their services. It’s not that difficult.
      Doesn’t require any technical knowledge to locally block a few DNS entries and 3rd party cookies.

      Though the main key is to understand the value, that your data represents and thus to never hand it out, unless it is absolutely necessary, which is rarely the case.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.