Lucene search
HistoryDec 16, 2014 - 6:59 p.m.
CVE-2014-4936
malwarebytes
anti-malware
anti-exploit
cve-2014-4936
man-in-the-middle
security vulnerability
arbitrary code
nvd
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.4 High
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.3%
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
Affected configurations
Node
malwarebytesmalwarebytes_anti-exploitRange≤1.04.1.1012consumer
Node
malwarebytesmalwarebytes_anti-malwareRange≤2.02consumer
| CPE | Name | Operator | Version |
|---|---|---|---|
| malwarebytes:malwarebytes_anti-exploit | malwarebytes malwarebytes anti-exploit | le | 1.04.1.1012 |
Related
zdt
zdt
openvas
openvas
metasploit
metasploit
Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution
2015-02-03 20:08:25
nvd
nvd
CVE-2014-4936
2014-12-16 18:59:02
prion
prion
Design/Logic Flaw
2014-12-16 18:59:00
nessus
nessus
Malwarebytes Anti-Exploit < 1.04.1.1012 RCE
2015-06-03 00:00:00
packetstorm
packetstorm
Malwarebytes Anti-Malware / Anti-Exploit Update Remote Code Execution
2015-02-04 00:00:00
cvelist
cvelist
CVE-2014-4936
2014-12-16 18:00:00
exploitdb
exploitdb
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.4 High
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.3%
Related for CVE-2014-4936