← back
CVE-2014-4936

CVE-2014-4936

EPSS 16.8%
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
Affected products
n/a · n/a
public PoCs found3
githubgithub.com/0x3a/CVE-2014-49367cve_referencepacketstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/41701unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-andhttp://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html