Share
## https://sploitus.com/exploit?id=73F4AC89-48B2-568F-9102-9C843DC2D0E2
# WinRAR-CVE-2023-38831
This Metasploit module exploits a vulnerability in WinRAR 6.22 (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.

It is not pretty, but works. ๐Ÿคท๐Ÿป

Alexander Hagenah [@xaitax](https://twitter.com/xaitax)

![](https://github.com/xaitax/WinRAR-CVE-2023-38831/blob/main/winrar_cve-2023-38831.gif?raw=true)

## References

- https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
- https://b1tg.github.io/post/cve-2023-38831-winrar-analysis/