Vulnerability Details : CVE-2016-10717
Potential exploit
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.
Products affected by CVE-2016-10717
- cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:2.2.1:*:*:*:consumer:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10717
- Probability of exploitation activity in the next 30 days: 0.20%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~57%
CVSS scores for CVE-2016-10717
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2016-10717
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10717
- https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt
  mbam-exclusions-poc-/mbam-whitelist-poc.txt at master · mspaling/mbam-exclusions-poc- · GitHub [Exploit; Third Party Advisory]
- http://www.securitytube.net/video/16690
  Bsideslv 2016 - You Don't See Me - Abusing Whitelists To Hide And Run Malware - Michael Spaling [Third Party Advisory]
- https://github.com/mspaling/mbam-exclusions-poc-
  GitHub - mspaling/mbam-exclusions-poc-: Proof of concept python file that will overwrite a valid exclusions.dat with a crafted exclusions.dat which permits malicious files to run. [Exploit; Third Party Advisory]
- https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/
  Malwarebytes Hall of Fame - Malwarebytes News - Malwarebytes Forums [Vendor Advisory]
- https://www.youtube.com/watch?v=LF5ic5nOoUY
  You Don't See Me - Abusing Whitelists to Hide and Run Malware - Michael Spaling - YouTube [Third Party Advisory]