Government-backed actors exploiting WinRAR vulnerability
ID: 475f7718-bbe1-5af8-9da9-8ece8dd1ad51
STIX ID: report--475f7718-bbe1-5af8-9da9-8ece8dd1ad51
Feed Name: Google's Threat Analysis Group (TAG)
This report details CVE-2023-3883: WinRAR normalizes paths by removing trailing spaces but calls ShellExecuteExW with the non-normalized path containing a trailing space, causing ShellExecute to fail extension detection and call shell32!ApplyDefaultExts. ApplyDefaultExts enumerates files in the directory and executes the first file matching hardcoded executable extensions (.pif, .com, .exe, .bat, .lnk, .cmd), so a crafted archive entry with a space in the extension can result in arbitrary code execution.
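The name pattern described above can be checked before an archive is opened in WinRAR. The following Python check is an added defensive example, not code from the TAG report or from WinRAR: it flags entry names with a path component that ends in a space, or that put a space directly before one of the extensions listed above. The function names `audit_entry_names` and `audit_zip` are hypothetical and the sample names are constructed; `audit_zip` covers ZIP files only, since Python's standard library does not read RAR.

```python
import ntpath
import zipfile

# Extensions the report lists as hardcoded in shell32!ApplyDefaultExts.
DEFAULT_EXTS = (".pif", ".com", ".exe", ".bat", ".lnk", ".cmd")

# Constructed sample entry names (not taken from any real archive).
SAMPLE_NAMES = [
    "notes/readme.txt",
    "report.pdf ",            # trailing space after the extension
    "docs\\invoice .CMD",     # space before a default executable extension
    "tools/setup.exe",        # ordinary executable, no space: not this pattern
    "My Documents/a.txt",     # interior space only: not this pattern
]


def _components(name):
    """Split an entry name on either path separator, dropping empty parts."""
    return [p for p in name.replace("\\", "/").split("/") if p]


def audit_entry_names(names):
    """Return (entry, reason) pairs for names matching the trailing-space pattern."""
    findings = []
    for name in names:
        for part in _components(name):
            stem, ext = ntpath.splitext(part)
            if part != part.rstrip(" "):
                findings.append((name, "component ends with a space"))
                break
            if ext.lower() in DEFAULT_EXTS and stem.endswith(" "):
                findings.append((name, "space before default executable extension"))
                break
    return findings


def audit_zip(path_or_file):
    """Audit the entry names of a ZIP archive without extracting anything."""
    with zipfile.ZipFile(path_or_file) as zf:
        return audit_entry_names(zf.namelist())


if __name__ == "__main__":
    for entry, reason in audit_entry_names(SAMPLE_NAMES):
        print(f"{entry!r}: {reason}")
```

For RAR files, feed `audit_entry_names` the name list produced by whatever archive lister is available in the environment.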
