CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28892
https://notcve.org/view.php?id=CVE-2023-28892
29 Mar 2023 — Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. • https://forums.malwarebytes.com/topic/307429-release-adwcleaner-841 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11507
https://notcve.org/view.php?id=CVE-2020-11507
06 Apr 2020 — An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. Una vulnerabilidad de Ruta de Búsqueda No Confiable en Malwarebytes AdwCleaner versión 8.0.3, podría causar una ejecución de código arbitraria con privilegios SYSTEM cuando una biblioteca DLL maliciosa se cargada. • https://forums.malwarebytes.com/topic/258140-release-adwcleaner-804 • CWE-426: Untrusted Search Path •