CVE-2016-10717

Description

A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.

Related CPE's

amalwarebytesmalwarebytes_anti-malware2.2.1***consumer***

References

https://www.youtube.com/watch?v=LF5ic5nOoUY

Third Party Advisory

https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt

ExploitThird Party Advisory

https://github.com/mspaling/mbam-exclusions-poc-

ExploitThird Party Advisory

https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/

Vendor Advisory

http://www.securitytube.net/video/16690

Third Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

7.8

VectorString

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:P

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

4.599999904632568

Created by Yello
About Severity.io