CVE-2020-28641

Description

In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.

Related CPE's

amalwarebytesmalwarebytes4.1.0.56***freewindows**

amalwarebytesendpoint_protection********

References

https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows

Vendor Advisory

https://www.malwarebytes.com

Product

https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection

Vendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

7.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

6.599999904632568

VectorString

AV:L/AC:L/Au:N/C:N/I:C/A:C

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io