CVE-2019-6739 – Malwarebytes Anti-Malware URI Handler Remote Command Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-6739

20 Feb 2019 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbi... • https://www.zerodayinitiative.com/advisories/ZDI-19-223 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •