CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25089
https://notcve.org/view.php?id=CVE-2024-25089
04 Feb 2024 — Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. Malwarebytes Binisoft Windows Firewall Control anterior a 6.9.9.2 permite a atacantes remotos ejecutar código arbitrario a través de canalizaciones con nombre gRPC. • https://hackerone.com/reports/2300061 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36631
https://notcve.org/view.php?id=CVE-2023-36631
26 Jun 2023 — Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password." • https://hackerone.com/reports/2000375 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25150
https://notcve.org/view.php?id=CVE-2022-25150
14 Feb 2022 — In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. En Malwarebytes Binisoft Windows Firewall Control versiones anteriores a 6.8.1.0, los programas ejecutados desde la pestaña Herramientas pueden ser usados para escalar privilegios • https://binisoft.org/changelog.txt • CWE-269: Improper Privilege Management •