Malwarebytes: >> Malwarebytes Anti-Exploit Security Vulnerabilities
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.
CVSS Score
2.1
EPSS Score
0.002
Published
2015-01-13
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
CVSS Score
9.3
EPSS Score
0.206
Published
2014-12-16