Jetzt Ausprobieren

WinRAR RCE Vulnerability Audit – CVE-2023-40477

Network Devices Vulnerability

Discover WinRAR Installations Vulnerable to CVE-2023-40477 in Your IT Estate

RARLAB has fixed a vulnerability in WinRAR that was caused by a case of improper validation while processing recovery volumes. The flaw was reported by the Zero Day Initiative on the 8th of June and has been addressed in the WinRAR 6.23 release on the 2nd of August. If successfully exploited, the flaw could allow an attacker to execute arbitrary code by tricking the target into opening a malicious page or file.

The report below will give you an overview of all at-risk WinRAR installations in your network. You can read more about this bug in the Vulnerability blog post.

See All WinRAR Installations in Your Network

Winrar Vulnerability

WinRAR RCE Vulnerability Lansweeper On-Prem Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblSoftwareUni.softwareName,
tblSoftware.softwareVersion,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where
((tblSoftwareUni.softwareName Like '%WinRAR%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) < 6) Or
(tblSoftwareUni.softwareName Like '%WinRAR%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 6 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 23) or
(tblSoftwareUni.softwareName Like '%WinRAR%' And
Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 6 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 23 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) <= 0)) and
tblState.Statename = 'Active'
Order By tblAssets.Domain,
tblAssets.AssetName

Show

Hide