CVE-2018-5270
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
** EN DISPUTA ** En Malwarebytes Premium 3.3.1.2183, el archivo del controlador (FARFLT.SYS) permite que usuarios locales provoquen una denegaciĆ³n de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x9c40e010. NOTA: El fabricante ha indicado que "no han sido capaces de reproducir el problema en ninguna versiĆ³n del sistema operativo de Windows (32 o 64 bits)".
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2018-01-07 CVE Reserved
- 2018-01-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Malwarebytes Search vendor "Malwarebytes" | Malwarebytes Search vendor "Malwarebytes" for product "Malwarebytes" | 3.3.1.2183 Search vendor "Malwarebytes" for product "Malwarebytes" and version "3.3.1.2183" | premium |
Affected
| ||||||