Denial of Service Vulnerability in Malwarebytes Premium Product by Malwarebytes
CVE-2018-5272

7.8HIGH

Key Information:

Vendor: Malwarebytes
Status: Malwarebytes
Vendor: CVE Published:; 8 January 2018

🔔 Create Malwarebytes Vulnerability Alert

What is CVE-2018-5272?

In Malwarebytes Premium version 3.3.1.2183, a vulnerability exists in the driver file FARFLT.SYS that allows local attackers to trigger a denial of service (BSOD) by sending unvalidated input via IOCtl 0x9c40e004. This issue poses potential security risks and may lead to disruptions in service. Although the vendor has indicated that they were unable to replicate the issue across different Windows operating systems, it remains critical for users to be aware of this vulnerability and apply necessary security measures.

References

https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwareby...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2018
Vulnerability Reserved
Jan 7, 2018

CVE-2018-5272 Data

JSON