CVE-2022-50971
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.
Risk Assessment
The risk is that a local attacker can gain full system privileges (LocalSystem), potentially leading to system compromise, malware installation, or data theft.
Recommendation
It is recommended to immediately update Malwarebytes to a version newer than 4.5 that fixes this vulnerability, and verify that service paths are properly quoted in the system configuration.
Original NVD description (English source)
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.

