Vulnerability in Encryption for Malwarebytes Anti-Malware by Malwarebytes
CVE-2016-10717

7.8HIGH

Key Information:

Vendor

Malwarebytes

Status
Malwarebytes Anti-malware
Vendor
CVE Published:
21 March 2018

What is CVE-2016-10717?

A vulnerability in Malwarebytes Anti-Malware prior to version 3.0.4 allows attackers to exploit the encryption and permissions mechanism, manipulating the exclusions.dat file. This enables unauthorized applications, including malware, to execute and access previously blacklisted files and domains. As a result, malware that should be blocked by Malwarebytes can bypass protection measures, exposing users to significant security risks.

References

https://www.youtube.com/watch?v=LF5ic5nOoUY
x_refsource_MISC
http://www.securitytube.net/video/16690
x_refsource_MISC
https://github.com/mspaling/mbam-exclusions-poc-/blob/mas...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.