CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28892
https://notcve.org/view.php?id=CVE-2023-28892
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. • https://forums.malwarebytes.com/topic/307429-release-adwcleaner-841 https://malwarebytes.com https://www.malwarebytes.com/secure/cves/cve-2023-28892 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11507
https://notcve.org/view.php?id=CVE-2020-11507
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. Una vulnerabilidad de Ruta de Búsqueda No Confiable en Malwarebytes AdwCleaner versión 8.0.3, podría causar una ejecución de código arbitraria con privilegios SYSTEM cuando una biblioteca DLL maliciosa se cargada. • https://forums.malwarebytes.com/topic/258140-release-adwcleaner-804 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19929
https://notcve.org/view.php?id=CVE-2019-19929
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. Una vulnerabilidad de Ruta de Búsqueda No Confiable en Malwarebytes AdwCleaner versiones anteriores a 8.0.1, podría causar una ejecución de código arbitrario con privilegios SYSTEM cuando el producto carga una biblioteca DLL maliciosa. • https://borncity.com/win/2019/12/19/adwcleaner-8-0-1-closes-a-dll-hijacking-vulnerability https://forums.malwarebytes.com/topic/254898-release-adwcleaner-801 https://www.bleepingcomputer.com/news/software/adwcleaner-801-fixes-dll-hijacking-vulnerability • CWE-426: Untrusted Search Path •