In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
References
Configurations
History
21 Nov 2024, 07:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes - Release Notes | |
References | () https://www.malwarebytes.com/secure/cves/cve-2023-26088 - Vendor Advisory |
28 Mar 2023, 20:10
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.malwarebytes.com/secure/cves/cve-2023-26088 - Vendor Advisory | |
References | (MISC) https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-59 | |
CPE | cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:windows:*:* |
23 Mar 2023, 13:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-23 01:15
Updated : 2024-11-21 07:50
NVD link : CVE-2023-26088
Mitre link : CVE-2023-26088
CVE.ORG link : CVE-2023-26088
JSON object : View
Products Affected
malwarebytes
- malwarebytes
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')