Massaro Posted December 3, 2015 Report Share Posted December 3, 2015 #####################################################################################Application: Malwarebytes AntivirusPlatforms: WindowsVersions: 2.2.0.CVE: No CVE have been assignedAuthor: Francis Provencher of COSIGTwitter: @cosiG_#####################################################################################1) Introduction2) Report Timeline3) Technical details4) POC#####################################################################################===============1) Introduction===============Malwarebytes Anti-Malware (MBAM) is an application for computers running under the Microsoft Windows and Apple OS Xoperating system that finds and removes malware.[3] Made by Malwarebytes Corporation, it was first released in January 2008. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash memory scanner.([url]http://www.oracle.com/us/technologies/embedded/025613.htm[/url])#####################################################################################============================2) Report Timeline============================2015-11-28: Francis Provencher of COSIG found the issue;2015-11-30: Francis Provencher of COSIG report vulnerability to Malwarebytes;2015-12-02: Malwarebytes release a patch for this issue;#####################################################################################============================3) Technical details============================When a malformed executable with an invalid integer (-1) in the “SizeOfRawData” in UPX section is parsed by Malwarebytes, a memory corruption occured. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.#####################################################################################===========4) POC[url]https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38858.exe[/url]Sursa: https://www.exploit-db.com/exploits/38858/. Quote Link to comment Share on other sites More sharing options...
