CVE-2016-10717 - OpenCVE

A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Malwarebytes	Malwarebytes Anti-malware

Configuration 1 [-]

cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:2.2.1:*:*:*:consumer:*:*:*

References

Link	Resource
http://www.securitytube.net/video/16690	Third Party Advisory
https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/	Vendor Advisory
https://github.com/mspaling/mbam-exclusions-poc-	Exploit Third Party Advisory
https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt	Exploit Third Party Advisory
https://www.youtube.com/watch?v=LF5ic5nOoUY	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-21T21:00:00

Updated: 2018-03-21T21:57:01

Reserved: 2018-03-21T00:00:00

Link: CVE-2016-10717

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-03-21T21:29:00.280

Modified: 2018-04-18T13:22:36.500

Link: CVE-2016-10717

JSON object: View

Redhat Information

No data.

CWE

CWE-254

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-21T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securitytube.net/video/16690"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mspaling/mbam-exclusions-poc-"}, {"tags": ["x_refsource_MISC"], "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10717", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.youtube.com/watch?v=LF5ic5nOoUY", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"}, {"name": "http://www.securitytube.net/video/16690", "refsource": "MISC", "url": "http://www.securitytube.net/video/16690"}, {"name": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt", "refsource": "MISC", "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"}, {"name": "https://github.com/mspaling/mbam-exclusions-poc-", "refsource": "MISC", "url": "https://github.com/mspaling/mbam-exclusions-poc-"}, {"name": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/", "refsource": "MISC", "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10717", "datePublished": "2018-03-21T21:00:00", "dateReserved": "2018-03-21T00:00:00", "dateUpdated": "2018-03-21T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:malwarebytes:malwarebytes_anti-malware:2.2.1:*:*:*:consumer:*:*:*", "matchCriteriaId": "0204A27F-1DB9-4D9F-8E07-44B18DE98D30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de cifrado y permisos de Malwarebytes Anti-Malware, en versiones de consumidor 2.2.1 y anteriores (solucionada en 3.0.4), permite que un atacante asuma el control de la caracter\u00edstica de lista blanca (exclusions.dat en %SYSTEMDRIVE%\\ProgramData) para permitir la ejecuci\u00f3n de aplicaciones no autorizadas, incluyendo malware y sitios web maliciosos. Los archivos que Malwarebytes Malware Protect ha colocado en la lista negra pueden ser ejecutados y, adem\u00e1s, los dominios que Malwarebytes Web Protect ha colocado en la lista negra pueden alcanzarse mediante HTTP."}], "id": "CVE-2016-10717", "lastModified": "2018-04-18T13:22:36.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-21T21:29:00.280", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.securitytube.net/video/16690"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mspaling/mbam-exclusions-poc-"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}