openvas | Copyright (C) 2018 Greenbone AG | OPENVAS:1361412562310813918
History: Aug 21, 2018 - 12:00 a.m.

Malwarebytes Anti-Malware Consumer 'Whitelist' Security Bypass Vulnerability

2018-08-21 00:00:00
Copyright (C) 2018 Greenbone AG
plugins.openvas.org
23

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.0%

Malwarebytes Anti-Malware Consumer is prone to a security bypass vulnerability.

# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# CPE of the product this check covers; passed to
# get_app_version_and_location() after the metadata block to obtain the
# detected version and install path.
CPE = "cpe:/a:malwarebytes:malwarebytes_anti-malware";

# Metadata block: runs only when 'description' is set. It registers the
# identifiers, severity data and report texts below and then exits, so nothing
# in here evaluates the target.
if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.813918");
  script_version("2023-07-20T05:05:17+0000");
  script_cve_id("CVE-2016-10717");
  # CVSS v2 base score and vector; the CVSS v3.0 vector is carried separately
  # in severity_vector.
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
  # Both vectors are AV:L: the flaw needs local access, and the v3.0 vector
  # additionally requires low privileges (PR:L).
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-04-18 13:22:00 +0000 (Wed, 18 Apr 2018)");
  script_tag(name:"creation_date", value:"2018-08-21 13:13:25 +0530 (Tue, 21 Aug 2018)");
  script_name("Malwarebytes Anti-Malware Consumer 'Whitelist' Security Bypass Vulnerability");

  script_tag(name:"summary", value:"Malwarebytes Anti-Malware Consumer is prone to a security bypass vulnerability.");

  # The detection is a version comparison only (see the check after the
  # includes); the flaw itself is not exercised.
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  # NOTE(review): the insight does not say which data is weakly encrypted or
  # which permissions are too broad; the xref URLs are the only pointers given.
  script_tag(name:"insight", value:"The flaw exists due to an improper encryption and
  permission implementation.");

  script_tag(name:"impact", value:"Successful exploitation will allow an attacker
  to take control of the whitelisting feature and permit execution of unauthorized
  applications including malware and malicious websites, also, files blacklisted
  by Malwarebytes Malware Protect can be executed, and domains blacklisted by
  Malwarebytes Web Protect can be reached through HTTP.");

  # NOTE(review): this tag names 2.2.1 and prior, while the solution tag and
  # the version test in this script use 3.0.4 as the threshold, so installs
  # between 2.2.1 and 3.0.4 are reported as well.
  script_tag(name:"affected", value:"Malwarebytes Anti-Malware Consumer version 2.2.1 and prior.");

  script_tag(name:"solution", value:"Upgrade to version 3.0.4 or later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  # qod_type "registry": presumably the version originates from registry data
  # gathered by the detection VT - confirm against
  # gb_malwarebytes_anti_malware_detect_win.nasl.
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame");
  script_xref(name:"URL", value:"https://github.com/mspaling/mbam-exclusions-poc-");
  script_xref(name:"URL", value:"https://www.malwarebytes.com");

  script_copyright("Copyright (C) 2018 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  # Scheduling: depends on the Windows detection VT and is gated on the
  # "Installed" key that VT is expected to set.
  script_dependencies("gb_malwarebytes_anti_malware_detect_win.nasl");
  script_mandatory_keys("Malwarebytes/Anti-Malware/Win/Installed");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

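# Look up the detected version and install location for CPE. Stop without a
# result when the lookup returns nothing usable.
if(!infos = get_app_version_and_location(cpe:CPE, nofork: TRUE, exit_no_version:TRUE)) exit(0);
vers = infos['version'];
path = infos['location'];

# Version-only check: every build below the fixed one is reported. This covers
# builds between 2.2.1 and 3.0.4 too, although the "affected" tag names 2.2.1
# and prior. Neither the whitelist/exclusion data nor its permissions are
# inspected, so a host upgraded after its exclusions were altered still passes;
# review the exclusion list separately when that matters.
# version 3.0.4 = 3.0.4.1269
if(version_is_less(version:vers, test_version:"3.0.4.1269"))
{
  report = report_fixed_ver(installed_version:vers, fixed_version:"3.0.4", install_path:path);
  security_message(data:report);
  exit(0);
}

# Installed build is at or above the fixed version. Exit code 99 is the VT
# convention for "checked and not affected"; the original fell off the end of
# the script without stating that outcome.
exit(99);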
