CVE-2014-4936

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:malwarebytes:malwarebytes_anti-exploit:*:*:*:*:consumer:*:*:*

Configuration 2 (hide)

cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:*:*:*:*:consumer:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and - Exploit () http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and - Exploit
References () http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html -

Information

Published : 2014-12-16 18:59

Updated : 2024-11-21 02:11


NVD link : CVE-2014-4936

Mitre link : CVE-2014-4936

CVE.ORG link : CVE-2014-4936


JSON object : View

Products Affected

malwarebytes

  • malwarebytes_anti-malware
  • malwarebytes_anti-exploit
CWE
CWE-345

Insufficient Verification of Data Authenticity