![]() ![]() For the program upgrading it will download an installer for the latest version. If any of the version requests respond with a higher number than the client itself has it will start downloading a partial or full update/upgrade. When the software, either MBAM or MBAE, starts it will first resolve the Malwarebytes CDN:ġ92.168.2.102 -> 8.8.8.8 (DNS) Standard query A įor MBAM it will start checking versions of the following: Both software packages have no or limited upgrade validation implemented thus allowing anyone who can work out the upgrade protocol to inject their own payload. released on September 5th 2014īoth Anti-Malware and Anti-Exploit have upgrade capabilities through the form of HTTP transfered installation packages. ![]() Vulnerability reported: August 21st 2014.Vulnerablity discovered: August 19th 2014.Vulnerability fixed in version 2.0.3 released on October 3rd 2014.Vulnerability discovered: June 18th 2014.Code for the POC is hosted on my Github repository: Timeline: This blog entry describes the vulnerability, how it works and how you can perform the attack including a POC. Business versions of the products do not use the Malwarebytes CDN for upgrades. One thing to note is that consumer versions of MBAM and MBAE are affected by this. PC and the Malwarebytes Content Delivery Network (CDN). Officially the description for this CVE has become: Malwarebytes Anti-Malware in consumer version 2.0.2 and earlier and MalwarebytesĪnti-Exploit in consumer version 1.03 and earlier allow attackers to execute arbitraryĬode by hijacking the underlying network layer or DNS infrastructure between the client I discovered it was subject to the same upgrade hijacking method.īoth vulnerabilities were scaled under one CVE, it was a shared mechanism (and code). I reported this to Malwarebytes on July 16th, it got a CVE assigned: CVE-2014-4936.Ībout half a month later, around the time Malwarebytes had released their Anti-Exploit product Beta I started to play around with this one as well. After figuring out the protocol I could push my own upgrades. While playing around with Anti-Malware I discovered you could easily hijack the upgrade mechanism. I blogged about one of their products, Malwarebytes Anti-Malware, before when it had some issues you can read that blog entry. In June of this year I was playing around with Malwarebytes’s products. CVE-2014-4936: Malwarebytes Anti-Malware and Anti-Exploit upgrade hijacking ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |