CVE-2023-26088

Published: Mar 23, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

Affected (1)

Products: Malwarebytes: Malwarebytes

Malwarebytes

1 product

Malwarebytes

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Malwarebytes Malwarebytes	Before 4.5.23

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes

Source: cve@mitre.org

Release Notes

https://www.malwarebytes.com/secure/cves/cve-2023-26088

Source: cve@mitre.org

Vendor Advisory

https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.malwarebytes.com/secure/cves/cve-2023-26088

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.