module
Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution
| Disclosed | Created |
|---|---|
| 2014-12-16 | 2018-05-30 |
Disclosed
2014-12-16
Created
2018-05-30
Description
This module exploits a vulnerability in the update functionality of
Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes
Anti-Exploit consumer 1.03.1.1220.
Due to the lack of proper update package validation, a man-in-the-middle
(MITM) attacker could execute arbitrary code by spoofing the update server
data-cdn.mbamupdates.com and uploading an executable. This module has
been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.
Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes
Anti-Exploit consumer 1.03.1.1220.
Due to the lack of proper update package validation, a man-in-the-middle
(MITM) attacker could execute arbitrary code by spoofing the update server
data-cdn.mbamupdates.com and uploading an executable. This module has
been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.
Authors
Yonathan Klijnsma
Gabor Seljan
todb todb@metasploit.com
Gabor Seljan
todb todb@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.