CVE-2016-10717
Severity CVSS v4.0:
Pending analysis
Type:
CWE-254
Security Features
Publication date:
21/03/2018
Last modified:
18/04/2018
Description
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:2.2.1:*:*:*:consumer:*:*:* |
To consult the complete list of CPE names with products and versions, see this page