Jump to content
Massaro

Malwarebytes Antivirus 2.2.0 - DoS PoC

By Massaro, in Exploituri

Recommended Posts

Massaro Enthusiast

Massaro

Posted
Posted 

#####################################################################################

Application:   Malwarebytes Antivirus
Platforms:   Windows
Versions:   2.2.0.
CVE:   No CVE have been assigned
Author:   Francis Provencher of COSIG
Twitter:   @cosiG_
#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

Malwarebytes Anti-Malware (MBAM) is an application for computers running under the Microsoft Windows and Apple OS Xoperating system that finds and removes malware.[3] Made by Malwarebytes Corporation, it was first released in January 2008. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash memory scanner.

([url]http://www.oracle.com/us/technologies/embedded/025613.htm[/url])

#####################################################################################

============================
2) Report Timeline
============================

2015-11-28: Francis Provencher of COSIG found the issue;
2015-11-30: Francis Provencher of COSIG report vulnerability to Malwarebytes;
2015-12-02: Malwarebytes release a patch for this issue;

#####################################################################################

============================
3) Technical details
============================

When a malformed executable with an invalid integer (-1) in the “SizeOfRawData” in UPX section is parsed by Malwarebytes, a memory corruption occured. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

#####################################################################################

===========

4) POC
[url]https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38858.exe[/url]

Sursa: https://www.exploit-db.com/exploits/38858/.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...