CVE Catalog

CVE-2022-50971

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.

Risk Assessment

The risk is that a local attacker can gain full system privileges (LocalSystem), potentially leading to system compromise, malware installation, or data theft.

Recommendation

It is recommended to immediately update Malwarebytes to a version newer than 4.5 that fixes this vulnerability, and verify that service paths are properly quoted in the system configuration.

Original NVD description (English source)

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS