Arbitrary File Deletion and Denial of Service in Malwarebytes Anti-Exploit
CVE-2023-27469

7.1HIGH

Key Information:

Vendor: Malwarebytes
Status: Anti-exploit
Vendor: CVE Published:; 30 June 2023

🔔 Create Malwarebytes Vulnerability Alert

What is CVE-2023-27469?

Malwarebytes Anti-Exploit version 4.4.0.220 is exposed to a vulnerability that allows for arbitrary file deletion and denial of service. This occurs due to a flaw in the handling of an ALPC message, specifically where the FullFileNamePath variable is not properly terminated with a null character ('\0'). This oversight can be exploited by attackers to manipulate file paths and potentially disrupt service availability.

References

https://malwarebytes.com

https://www.malwarebytes.com/secure/cves/cve-2023-27469

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2023
Vulnerability Reserved
Mar 1, 2023

CVE-2023-27469 Data

JSON