Remote Code Execution in Malwarebytes Antimalware by Malwarebytes
CVE-2019-6739

8.8 HIGH

Key Information:

Vendor
CVE Published: 3 June 2019

What is CVE-2019-6739?

This vulnerability allows attackers to execute arbitrary code on affected installations of Malwarebytes Antimalware. The flaw lies in the way the product handles URIs: an attacker can lead a user to a malicious site without sufficient warning being shown. Special characters in the URI are not properly sanitized, which creates an opportunity for arbitrary command execution in the context of the user. User interaction is required, as the target must visit the malicious web page for exploitation to occur.

Affected Version(s)

Antimalware 3.6.1.2711

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

CVSS V3.0

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rgod of 9sg Security Team - rgod@9sgsec.com