Malwarebytes Anti-Exploit 1.03.1.1220/1.04.1.1012 - Out-of-Bounds Read Denial of Service

/ Exploit Title - MalwareBytes Anti-Exploit Out-of-bounds Read DoS Date - 19th January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.malwarebytes.org Tested Version - 1.03.1.1220, 1.04.1.1012 Driver Version - no version set - mbae.sys Tested on OS - 32bit Windows XP S...

CVE-2014-100039

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service crash via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information...

Out-of-bounds

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service crash via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information...

CVE-2014-100039

Summary of CVE-2014-100039 : The Malwarebytes Anti-Exploit driver mbae.sys is vulnerable to a local DoS via an out-of-bounds read triggered by a crafted size in an unspecified IOCTL call, affecting versions prior to 1.05.1.2014. Reported impact is a crash/denial of service with local access. The ...

CVE-2014-100039

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service crash via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information...

Malwarebytes Anti-Malware < 2.0.3 'Upgrade' MITM Vulnerability - Windows

Malwarebytes Anti-Malware is prone to a man-in-the-middle MITM vulnerability through it SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Malwarebytes Anti-Exploit Detection (Windows SMB Login)

Detects the installed version of Malwarebytes Anti-Exploit. The script logs in via smb, searches for Malwarebytes Anti-Malware in the registry and gets the version from SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

Malwarebytes Anti-Exploit < 1.04.1.1012 'Upgrade' MITM Vulnerability - Windows

Malwarebytes Anti-Exploit is prone to a man-in-the-middle MITM vulnerability through it SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Malwarebytes Anti-Malware Detection (Windows SMB Login)

Detects the installed version of Malwarebytes Anti-Malware. The script logs in via smb, searches for Malwarebytes Anti-Malware in the registry and gets the version from SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

Malwarebytes Anti-Exploit < 1.05.1.1014 DoS Vulnerability - Windows

Malwarebytes Anti-Exploit is prone to denial of service DoS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2014-4936

The upgrade functionality in Malwarebytes Anti-Malware MBAM consumer before 2.0.3 and Malwarebytes Anti-Exploit MBAE consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable...

Design/Logic Flaw

The upgrade functionality in Malwarebytes Anti-Malware MBAM consumer before 2.0.3 and Malwarebytes Anti-Exploit MBAE consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable...

CVE-2014-4936

The upgrade functionality in Malwarebytes Anti-Malware MBAM consumer before 2.0.3 and Malwarebytes Anti-Exploit MBAE consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable...

CVE-2014-4936

CVE-2014-4936 affects Malwarebytes Anti-Malware (MBAM) consumer pre-2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer ≤1.04.1.1012. Multiple public and security feeds describe a MITM vulnerability in the update mechanism: an attacker spoofing the update server can upload and execute arbitrary c...

Malwarebytes Anti-Malware &lt; 2.0.3 / Anti-Exploit &lt; 1.03.1.1220 - Update Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution', 'Description' = %q This module exploits a vulnerabili...

Spam Tweets 'US Government Trying to Shut Down Bitcoin' Spreading Malware

The Security Software company Malwarebytes has discovered a malicious scam spreading through rogue tweets by a number of fake Twitter accounts with a link to a story that says the United States Government is trying to ban cryptocurrency Bitcoin. “The majority of the accounts pushing these things...

New IE Zero Day Found Targeting Military Intelligence

Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...

Russian Hacker put up an Android Firefox Zero-Day Exploit for Sale

A Russian Exploit writer and underground Hacker who goes by the handle "fil9" put up an Android Firefox Zero-Day Exploit for Sale in an open Exploit Market. Author claims a Zero Day vulnerability in Firefox for Android, which works on Firefox versions 23/24/26 Nightly. The advertisement was spott...

FBI themed Mac OS X Ransomware Malware demands $300 Fine

Ransomware is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it. This kind of malware has typically been the domain of Windows users, but has made its way to OS X. A new piece of FBI...

FBI themed Mac OS X Ransomware Malware demands $300 Fine

Ransomware is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it. This kind of malware has typically been the domain of Windows users, but has made its way to OS X. A new piece of FBI...