CVE-2018-5272
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).
** EN DISPUTA ** En Malwarebytes Premium 3.3.1.2183, el archivo del controlador (FARFLT.SYS) permite que usuarios locales provoquen una denegaciĆ³n de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x9c40e004. NOTA: El fabricante ha indicado que "no han sido capaces de reproducir el problema en ninguna versiĆ³n del sistema operativo de Windows (32 o 64 bits)".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-07 CVE Reserved
- 2018-01-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Malwarebytes Search vendor "Malwarebytes" | Malwarebytes Search vendor "Malwarebytes" for product "Malwarebytes" | 3.3.1.2183 Search vendor "Malwarebytes" for product "Malwarebytes" and version "3.3.1.2183" | premium |
Affected
|