h3xecute / SideCopy-Exploits-CVE-2023-38831

SideCopy APT Group exploits CVE-2023-38831


SideCopy Exploits CVE-2023-38831

CVE-2023-38831 is a code-execution vulnerability in WinRAR that affects versions prior to 6.23. It is usually described as Remote Code Execution, but it needs user interaction: the victim has to open a file inside a crafted archive. The trick works like this: the malicious archive contains both a benign-looking file and a folder with the same name as that file. The folder holds the actual payload (a script or executable). When the victim double-clicks the harmless file in WinRAR, the vulnerable version extracts the folder's contents alongside it and launches the payload instead of only the file the victim meant to open.

In the example archive in this repository, the benign file is a PDF, and the folder of the same name contains an executable that carries the malware.

If the victim is running a WinRAR version prior to 6.23 and opens the seemingly harmless PDF from within WinRAR, the executable in the same-named folder is run. WinRAR 6.23 and later fix the bug, so updating is the only real remediation; until then, extract archives fully and inspect them instead of opening files directly from the WinRAR window.
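A practitioner handling archives that arrive by mail or download wants a way to spot this layout before anyone opens the file in WinRAR. The following script is an added example written for this page; it is not code from the h3xecute repository or from the SideCopy samples. It scans a ZIP archive for the structure described above, a file entry whose name matches a directory entry (explicit or implied by a path prefix), comparing names with trailing spaces removed because the public proof-of-concept archives for this bug use a trailing-space file name. The sample archives are constructed inline; the script body in the suspicious sample is an inert placeholder, not a payload. The entry names (`Invoice.pdf `, `notes/readme.txt`) are assumptions for the demo.

```python
import io
import sys
import zipfile
from collections import defaultdict


def _norm(path):
    # Compare names with trailing spaces stripped from every component, so that
    # "Invoice.pdf " (trailing-space trick used by the known PoCs) and
    # "Invoice.pdf" are treated as the same name.
    return "/".join(part.rstrip() for part in path.strip("/").split("/"))


def find_name_collisions(zip_bytes):
    """Return (file_entry, directory_name) pairs where a file and a directory
    in the archive share a name. This is the CVE-2023-38831 archive layout."""
    files = {}                 # normalized path -> original file entry name
    dirs = defaultdict(set)    # normalized path -> original directory names
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                dirs[_norm(name)].add(name.rstrip("/"))
                continue
            files[_norm(name)] = name
            # A directory may exist only implicitly, as a prefix of a file path,
            # so record every parent component of each file entry as well.
            parts = name.split("/")[:-1]
            for i in range(1, len(parts) + 1):
                prefix = "/".join(parts[:i])
                dirs[_norm(prefix)].add(prefix)
    hits = []
    for key, fname in files.items():
        for dname in sorted(dirs.get(key, ())):
            hits.append((fname, dname))
    return hits


def build_zip(entries):
    """Build an in-memory ZIP from (name, bytes) pairs (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample mirroring the layout described above: a benign-looking PDF
# and a folder of the same name (trailing space) holding a script. The script
# body is a harmless placeholder.
SUSPICIOUS = build_zip([
    ("Invoice.pdf ", b"%PDF-1.4\n% placeholder, not a real document\n"),
    ("Invoice.pdf /Invoice.pdf .cmd", b"@echo off\r\necho placeholder\r\n"),
])

# Constructed clean sample: no file shares its name with a directory.
CLEAN = build_zip([
    ("Invoice.pdf", b"%PDF-1.4\n"),
    ("notes/readme.txt", b"nothing to see\n"),
])


def scan_file(path):
    """Scan a ZIP on disk; returns the collision list (empty means clean)."""
    with open(path, "rb") as fh:
        return find_name_collisions(fh.read())


if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        print("suspicious sample:", find_name_collisions(SUSPICIOUS))
        print("clean sample:     ", find_name_collisions(CLEAN))
    for target in targets:
        hits = scan_file(target)
        verdict = "SUSPICIOUS" if hits else "clean"
        print(f"{target}: {verdict} {hits if hits else ''}")
```

Run it with one or more ZIP paths to scan real files, or with no arguments to see the verdicts on the two built-in samples. A hit is only an indicator of the archive layout, not proof of malicious content, but an archive that pairs a document with a same-named folder has no legitimate reason to exist and is worth quarantining until someone looks at it.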

PoC Video:

SideCopy APT Exploits CVE-2023 38831 (Proof-of-Concept Video)
