Vulnerabilites related to malwarebytes - malwarebytes_anti-malware
Vulnerability from fkie_nvd
Published
2018-03-21 21:29
Modified
2024-11-21 02:44
Severity ?
Summary
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| malwarebytes | malwarebytes_anti-malware | 2.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:2.2.1:*:*:*:consumer:*:*:*",
"matchCriteriaId": "0204A27F-1DB9-4D9F-8E07-44B18DE98D30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de cifrado y permisos de Malwarebytes Anti-Malware, en versiones de consumidor 2.2.1 y anteriores (solucionada en 3.0.4), permite que un atacante asuma el control de la caracter\u00edstica de lista blanca (exclusions.dat en %SYSTEMDRIVE%\\ProgramData) para permitir la ejecuci\u00f3n de aplicaciones no autorizadas, incluyendo malware y sitios web maliciosos. Los archivos que Malwarebytes Malware Protect ha colocado en la lista negra pueden ser ejecutados y, adem\u00e1s, los dominios que Malwarebytes Web Protect ha colocado en la lista negra pueden alcanzarse mediante HTTP."
}
],
"id": "CVE-2016-10717",
"lastModified": "2024-11-21T02:44:35.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-21T21:29:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytube.net/video/16690"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytube.net/video/16690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-16 18:59
Modified
2024-11-21 02:11
Severity ?
Summary
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| malwarebytes | malwarebytes_anti-exploit | * | |
| malwarebytes | malwarebytes_anti-malware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:malwarebytes:malwarebytes_anti-exploit:*:*:*:*:consumer:*:*:*",
"matchCriteriaId": "345E1266-67AF-4D64-A539-8A260820A556",
"versionEndIncluding": "1.04.1.1012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:*:*:*:*:consumer:*:*:*",
"matchCriteriaId": "EDAE3545-638F-461E-9D1F-4A95BD8FAFB5",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable."
},
{
"lang": "es",
"value": "La funcionalidad de actualizaci\u00f3n en el consumidor Malwarebytes Anti-Malware (MBAM) anterior a 2.0.3 y el consumidor Malwarebytes Anti-Exploit (MBAE) 1.04.1.1012 y anteriores permiten a atacantes man-in-the-middle ejecutar c\u00f3digo arbitrario mediante la falsificaci\u00f3n del servidor de actualizaci\u00f3n y la subida de un ejecutable."
}
],
"id": "CVE-2014-4936",
"lastModified": "2024-11-21T02:11:08.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-16T18:59:02.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-10717
Vulnerability from cvelistv5
Published
2018-03-21 21:00
Modified
2024-08-06 03:30
Severity ?
EPSS score ?
Summary
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.youtube.com/watch?v=LF5ic5nOoUY | x_refsource_MISC | |
| http://www.securitytube.net/video/16690 | x_refsource_MISC | |
| https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt | x_refsource_MISC | |
| https://github.com/mspaling/mbam-exclusions-poc- | x_refsource_MISC | |
| https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytube.net/video/16690"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-21T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytube.net/video/16690"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mspaling/mbam-exclusions-poc-"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=LF5ic5nOoUY",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"
},
{
"name": "http://www.securitytube.net/video/16690",
"refsource": "MISC",
"url": "http://www.securitytube.net/video/16690"
},
{
"name": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt",
"refsource": "MISC",
"url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"
},
{
"name": "https://github.com/mspaling/mbam-exclusions-poc-",
"refsource": "MISC",
"url": "https://github.com/mspaling/mbam-exclusions-poc-"
},
{
"name": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/",
"refsource": "MISC",
"url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10717",
"datePublished": "2018-03-21T21:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4936
Vulnerability from cvelistv5
Published
2014-12-16 18:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:36.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and",
"refsource": "MISC",
"url": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and"
},
{
"name": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4936",
"datePublished": "2014-12-16T18:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:34:36.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}