POC WinRAR vulnerable to remote code execution,
A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip, UUE, ISO, BZIP2, Z and 7-Zip).
CVE-2023-40477 is a remote code execution vulnerability that could allow remote threat actors to execute arbitrary code on an affected WinRAR installation.
Create "test.rar" and place in same directory as poc.py.
Put any files u want inside "test.rar".
Execute command: poc.py -c CMD COMMAND TO EXECUTE
Done ! Now after someone open any file inside .rar file will execute that command hiddenly.
VIDEO:
https://streamable.com/nx20wk