Vulnerability CVE-2016-10717


Published: 2018-03-21   Modified: 2018-03-22

Description:
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.

Type:

CWE-254

(Security Features)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Malwarebytes -> Malwarebytes anti-malware 

 References:
http://www.securitytube.net/video/16690
https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/
https://github.com/mspaling/mbam-exclusions-poc
-
https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt
https://www.youtube.com/watch?v=LF5ic5nOoUY

Copyright 2021, cxsecurity.com

 

Back to Top