Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT


Researchers need to be mindful of threat actors that swiftly create a fake proof of concept (PoC) for a recently disclosed vulnerability by reusing old proof of concept (PoC) code. The WinRAR remote code execution (RCE) vulnerability was officially disclosed on August 17, 2023, by the Zero Day Initiative, tagged as CVE-2023-40477.

The bogus PoC that attempted to exploit this WinRAR flaw was based on a publicly accessible PoC script that attacked the CVE-2023-25157-tracked SQL injection flaw in the GeoServer application. On June 8, 2023, they told the vendor about it. A false PoC script was uploaded to a GitHub repository by an individual going by the handle whalersplonk four days after CVE-2023-40477 was made public.

Read More…