CVE-2016-10717 - OpenCVE

A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Malwarebytes	Malwarebytes Anti-malware

Configuration 1 [-]

cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:2.2.1:*:*:*:consumer:*:*:*

No data.

References

Link	Providers
http://www.securitytube.net/video/16690
https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/
https://github.com/mspaling/mbam-exclusions-poc-
https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt
https://www.youtube.com/watch?v=LF5ic5nOoUY

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-21T21:00:00

Updated: 2024-08-06T03:30:20.307Z

Reserved: 2018-03-21T00:00:00

Link: CVE-2016-10717

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-21T21:29:00.280

Modified: 2018-04-18T13:22:36.500

Link: CVE-2016-10717

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-21T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securitytube.net/video/16690"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mspaling/mbam-exclusions-poc-"}, {"tags": ["x_refsource_MISC"], "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10717", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.youtube.com/watch?v=LF5ic5nOoUY", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"}, {"name": "http://www.securitytube.net/video/16690", "refsource": "MISC", "url": "http://www.securitytube.net/video/16690"}, {"name": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt", "refsource": "MISC", "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"}, {"name": "https://github.com/mspaling/mbam-exclusions-poc-", "refsource": "MISC", "url": "https://github.com/mspaling/mbam-exclusions-poc-"}, {"name": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/", "refsource": "MISC", "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:30:20.307Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securitytube.net/video/16690"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mspaling/mbam-exclusions-poc-"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10717", "datePublished": "2018-03-21T21:00:00", "dateReserved": "2018-03-21T00:00:00", "dateUpdated": "2024-08-06T03:30:20.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:2.2.1:*:*:*:consumer:*:*:*", "matchCriteriaId": "0204A27F-1DB9-4D9F-8E07-44B18DE98D30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de cifrado y permisos de Malwarebytes Anti-Malware, en versiones de consumidor 2.2.1 y anteriores (solucionada en 3.0.4), permite que un atacante asuma el control de la caracter\u00edstica de lista blanca (exclusions.dat en %SYSTEMDRIVE%\\ProgramData) para permitir la ejecuci\u00f3n de aplicaciones no autorizadas, incluyendo malware y sitios web maliciosos. Los archivos que Malwarebytes Malware Protect ha colocado en la lista negra pueden ser ejecutados y, adem\u00e1s, los dominios que Malwarebytes Web Protect ha colocado en la lista negra pueden alcanzarse mediante HTTP."}], "id": "CVE-2016-10717", "lastModified": "2018-04-18T13:22:36.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-21T21:29:00.280", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.securitytube.net/video/16690"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mspaling/mbam-exclusions-poc-"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}