CVE-2023-26088 - Malwarebytes for Windows - Arbitrary file deletion and privilege escalation

 

SUMMARY:

In Malwarebytes before 4.5.22.236, a symbolic link may be used to delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

AFFECTED VERSIONS

  • Malwarebytes for Windows < v4.5.22.236

PATCHED VERSIONS

  • Malwarebytes for Windows: v4.5.22.236.

MITIGATION ADVICE

We recommend upgrading the affected endpoints to the patched versions.

DETAILS

CWE: CWE-269: Improper Privilege Management
CVSS 3.x: 8.6 High
Vector: Local
