Arbitrary Code Execution Flaw in Malwarebytes Premium Security Software
CVE-2024-44744

5.7MEDIUM

Key Information:

Vendor: Malwarebytes
Status: Malwarebytes Premium Security
Vendor: CVE Published:; 1 October 2024

🔔 Create Malwarebytes Vulnerability Alert

What is CVE-2024-44744?

An issue exists within Malwarebytes Premium Security version 5.0.0.883 that allows an attacker to execute arbitrary code by placing specially crafted binaries in certain directories. This vulnerability necessitates administrative privileges for exploitation; thus, it limits access for non-administrative users to modify the affected files. Users should ensure their installations are updated to mitigate potential risks associated with this issue.

References

https://googleprojectzero.blogspot.com/2016/02/the-defini...

https://medium.com/%40danielshaulov01/malwarebytes-premiu...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2024
Vulnerability Reserved
Aug 21, 2024

CVE-2024-44744 Data

JSON