CVE-2014-4936
Malwarebytes Anti-Malware < 2.0.3 / Anti-Exploit < 1.03.1.1220 - Update Code Execution
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
La funcionalidad de actualización en el consumidor Malwarebytes Anti-Malware (MBAM) anterior a 2.0.3 y el consumidor Malwarebytes Anti-Exploit (MBAE) 1.04.1.1012 y anteriores permiten a atacantes man-in-the-middle ejecutar código arbitrario mediante la falsificación del servidor de actualización y la subida de un ejecutable.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-07-11 CVE Reserved
- 2014-12-11 First Exploit
- 2014-12-16 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/130244 | 2015-02-04 | |
| https://www.exploit-db.com/exploits/41701 | 2014-12-16 | |
| https://github.com/0x3a/CVE-2014-4936 | 2014-12-11 | |
| http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Malwarebytes Search vendor "Malwarebytes" | Malwarebytes Anti-exploit Search vendor "Malwarebytes" for product "Malwarebytes Anti-exploit" | <= 1.04.1.1012 Search vendor "Malwarebytes" for product "Malwarebytes Anti-exploit" and version " <= 1.04.1.1012" | consumer |
Affected
| ||||||
| Malwarebytes Search vendor "Malwarebytes" | Malwarebytes Anti-malware Search vendor "Malwarebytes" for product "Malwarebytes Anti-malware" | <= 2.02 Search vendor "Malwarebytes" for product "Malwarebytes Anti-malware" and version " <= 2.02" | consumer |
Affected
| ||||||