CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25089
https://notcve.org/view.php?id=CVE-2024-25089
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. Malwarebytes Binisoft Windows Firewall Control anterior a 6.9.9.2 permite a atacantes remotos ejecutar código arbitrario a través de canalizaciones con nombre gRPC. • https://hackerone.com/reports/2300061 https://www.binisoft.org/changelog.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36631
https://notcve.org/view.php?id=CVE-2023-36631
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password." • https://hackerone.com/reports/2000375 https://www.bencteux.fr/posts/malwarebytes_wfc •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25150
https://notcve.org/view.php?id=CVE-2022-25150
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. En Malwarebytes Binisoft Windows Firewall Control versiones anteriores a 6.8.1.0, los programas ejecutados desde la pestaña Herramientas pueden ser usados para escalar privilegios • https://binisoft.org/changelog.txt https://hackerone.com/bugs?report_id=1205932 • CWE-269: Improper Privilege Management •