CVE-2014-4936

Published: Dec 16, 2014Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.

Affected (2)

Products: Malwarebytes: Malwarebytes Anti Exploit, Malwarebytes Anti Malware

2 products

Malwarebytes Anti Exploit

Malwarebytes Anti Malware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Malwarebytes Malwarebytes Anti Exploit	Up to 1.04.1.1012

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Malwarebytes Malwarebytes Anti Malware	Up to 2.02

Related CWEs

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (4)

http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html

Source: cve@mitre.org

http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.